what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2011-1153

Status Candidate

Overview

Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.

Related Files

HP Security Bulletin HPSBMU02764 SSRT100827 2
Posted Apr 20, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02764 SSRT100827 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, csrf
systems | linux, windows
advisories | CVE-2009-0037, CVE-2010-0734, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-0014, CVE-2011-0195, CVE-2011-0419, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1928, CVE-2011-1938, CVE-2011-1945, CVE-2011-2192, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3192
SHA-256 | 309e442bfe4de81d1da4a903beb9bb3ce130e05b0ec3c99ada2e50debacf94af
HP Security Bulletin HPSBMU02764 SSRT100827
Posted Apr 17, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02764 SSRT100827 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, csrf
systems | linux, windows
advisories | CVE-2009-0037, CVE-2010-0734, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-0014, CVE-2011-0195, CVE-2011-0419, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1928, CVE-2011-1938, CVE-2011-1945, CVE-2011-2192, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3192
SHA-256 | ef4dc6d5c693e4d1488186aa6471a0d6ae5ab0b725cd9a055f4101f928dcf379
Debian Security Advisory 2266-2
Posted Jul 1, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2266-2 - The update for CVE-2010-2531 for the old stabledistribution (lenny) introduced a regression, which lead to additional output being written to stdout.

tags | advisory
systems | linux, debian
advisories | CVE-2010-2531, CVE-2011-0420, CVE-2011-0421, CVE-2011-0708, CVE-2011-1153, CVE-2011-1466, CVE-2011-1471, CVE-2011-2202
SHA-256 | f8f9215e818490fc2f7ebd9064ee594fd02d03d6a1ed09e7ff12fa39b629cd00
Debian Security Advisory 2266-1
Posted Jun 30, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2266-1 - Several vulnerabilities were discovered in PHP, which could lead to denial of service or potentially the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, php, vulnerability
systems | linux, debian
advisories | CVE-2010-2531, CVE-2011-0420, CVE-2011-0421, CVE-2011-0708, CVE-2011-1153, CVE-2011-1466, CVE-2011-1471, CVE-2011-2202
SHA-256 | 40ee0fdcf0a402b4e148929bf52520da5205fe15c50c8dae5bbc534b47bdd4b6
Ubuntu Security Notice USN-1126-2
Posted May 5, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1126-2 - USN 1126-1 fixed several vulnerabilities in PHP. The fix for CVE-2010-4697 introduced an incorrect reference counting regression in the Zend engine that caused the PHP interpreter to segfault. This regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS.

tags | advisory, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-1144, CVE-2006-7243, CVE-2010-4697, CVE-2010-4698, CVE-2011-0420, CVE-2011-0421, CVE-2011-0441, CVE-2011-0708, CVE-2011-1072, CVE-2011-1092, CVE-2011-1144, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1466, CVE-2011-1467, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1471
SHA-256 | d3109ede1f1b610fb18480ae30cb346b0d85aac84aedfeadd43a5eb1ad6fe0a2
Ubuntu Security Notice USN-1126-1
Posted Apr 29, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1126-1 - Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. Raphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite arbitrary files via a symlink attack on the package.xml file. Martin Barbella discovered a buffer overflow in the PHP GD extension that allows an attacker to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function. It was discovered that PHP accepts the \0 character in a pathname, which might allow an attacker to bypass intended access restrictions by placing a safe file extension after this character. Various other issues with PHP 5 were also identified and resolved.

tags | advisory, denial of service, overflow, arbitrary, local, php
systems | linux, ubuntu
advisories | CVE-2011-1144, CVE-2006-7243, CVE-2010-4697, CVE-2010-4698, CVE-2011-0420, CVE-2011-0421, CVE-2011-0441, CVE-2011-0708, CVE-2011-1072, CVE-2011-1092, CVE-2011-1144, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1466, CVE-2011-1467, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1471
SHA-256 | 0d1f20dac678d851bff44d385515866f5fb9db107a028a3a3bb2ee850d32fc53
Mandriva Linux Security Advisory 2011-053
Posted Mar 23, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-053 - Multiple vulnerabilities has been identified and fixed in php. These range from denial of service to code execution issues.

tags | advisory, denial of service, php, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2011-0421, CVE-2011-0708, CVE-2011-1092, CVE-2011-1153, CVE-2011-1464, CVE-2011-1466, CVE-2011-1467, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1471
SHA-256 | 8e3a31350afca8110c11002ff4e93c17438c6aac20bba525ca9ac7e60132ba30
Mandriva Linux Security Advisory 2011-052
Posted Mar 23, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-052 - Multiple vulnerabilities has been identified and fixed in php. These range from denial of service to code execution issues.

tags | advisory, denial of service, php, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2011-0421, CVE-2011-0708, CVE-2011-1092, CVE-2011-1153, CVE-2011-1464, CVE-2011-1466, CVE-2011-1467, CVE-2011-1469, CVE-2011-1470, CVE-2011-1471
SHA-256 | 1b98e934ccd7157b0631d5dcf0d404eaa0ead3e489c99c8cdc7264385eb99b35
Page 1 of 1
Back1Next

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close