exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2012-0057

Status Candidate

Overview

PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.

Related Files

HP Security Bulletin HPSBMU02786 SSRT100877 2
Posted May 9, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02786 SSRT100877 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux, Windows, and VMware ESX. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows
advisories | CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012, CVE-2012-2013, CVE-2012-2014, CVE-2012-2015, CVE-2012-2016
SHA-256 | 5dbefc2f5ce267adce1e15986e02edbb8a3cd8b62ebf6a7c096957f60f594794
Gentoo Linux Security Advisory 201209-03
Posted Sep 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-3 - Multiple vulnerabilities were found in PHP, the worst of which lead to remote execution of arbitrary code. Versions less than 5.3.15 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2011-1398, CVE-2011-3379, CVE-2011-4566, CVE-2011-4885, CVE-2012-0057, CVE-2012-0788, CVE-2012-0789, CVE-2012-0830, CVE-2012-0831, CVE-2012-1172, CVE-2012-1823, CVE-2012-2143, CVE-2012-2311, CVE-2012-2335, CVE-2012-2336, CVE-2012-2386, CVE-2012-2688, CVE-2012-3365, CVE-2012-3450
SHA-256 | 9f816b924ad418620e160f8c0c949d6a934cbb7b2edf6d8854a05c114583d85c
HP Security Bulletin HPSBMU02786 SSRT100877
Posted Jun 28, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02786 SSRT100877 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows
advisories | CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012, CVE-2012-2013, CVE-2012-2014, CVE-2012-2015, CVE-2012-2016
SHA-256 | 856251204fbecc5944b74b48232e96b353c5844f102f2b4ea9de3e11e27b5a7d
Red Hat Security Advisory 2012-1046-01
Posted Jun 28, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1046-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2010-2950, CVE-2011-4153, CVE-2012-0057, CVE-2012-0781, CVE-2012-0789, CVE-2012-1172, CVE-2012-2143, CVE-2012-2336, CVE-2012-2386
SHA-256 | fe71e26fd75c9403f91014baf93c4a6d167a5d5aef0be73d9f6c0fe60b8a1865
Red Hat Security Advisory 2012-1045-01
Posted Jun 28, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1045-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2011-4153, CVE-2012-0057, CVE-2012-0789, CVE-2012-1172, CVE-2012-2336
SHA-256 | 57bee9f577390f47d09269171763d581bac37a4751fb81fddb955d4db237ace9
Red Hat Security Advisory 2012-1047-01
Posted Jun 28, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1047-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2010-2950, CVE-2011-4153, CVE-2012-0057, CVE-2012-0789, CVE-2012-1172, CVE-2012-2143, CVE-2012-2336, CVE-2012-2386
SHA-256 | ad1e0d74169944968d087c38eeee1c4b790cf754e68c22a60bc2f608214be628
Ubuntu Security Notice USN-1358-2
Posted Feb 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1358-2 - USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for CVE-2012-0831 introduced a regression where the state of the magic_quotes_gpc setting was not correctly reflected when calling the ini_get() function. Various other issues were also addressed.

tags | advisory, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-0831, CVE-2011-4885, CVE-2012-0830, CVE-2011-4153, CVE-2012-0057, CVE-2012-0788, CVE-2012-0831, CVE-2011-0441
SHA-256 | f0e3f2a3522dbb09758f1bf08f0d15a04e639581a43300707f483dc4b76ee08a
Ubuntu Security Notice USN-1358-1
Posted Feb 10, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1358-1 - It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. ATTENTION: this update changes previous PHP behavior by limiting the number of external input variables to 1000. This may be increased by adding a "max_input_vars" directive to the php.ini configuration file. See http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars for more information. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, php
systems | linux, ubuntu
advisories | CVE-2011-4885, CVE-2012-0830, CVE-2011-4153, CVE-2012-0057, CVE-2012-0788, CVE-2012-0831, CVE-2011-0441, CVE-2011-0441, CVE-2011-4153, CVE-2011-4885, CVE-2012-0057, CVE-2012-0788, CVE-2012-0830, CVE-2012-0831
SHA-256 | 4e7832bc4af2f7480c0583d5776cc3ff599367f5f6f7376c2832f74a7230342c
Debian Security Advisory 2399-2
Posted Feb 1, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2399-2 - A regression was found in the fix for PHP's XSLT transformations. Updated packages are now available to address this regression.

tags | advisory, php
systems | linux, debian
advisories | CVE-2011-1938, CVE-2011-2483, CVE-2011-4566, CVE-2011-4885, CVE-2012-0057
SHA-256 | 4035ae5908f7161c8fd3e3ad199b05e40982d101f247f62370783a4fb90bad34
Debian Security Advisory 2399-1
Posted Feb 1, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2399-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.

tags | advisory, web, php, vulnerability
systems | linux, debian
advisories | CVE-2011-1938, CVE-2011-2483, CVE-2011-4566, CVE-2011-4885, CVE-2012-0057
SHA-256 | 641d80929f164eca8f727ea93974dd480bf89f24fda91e61ea6f2db83f127f9e
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close