what you don't know can hurt you
Showing 1 - 9 of 9 RSS Feed

CVE-2012-2311

Status Candidate

Overview

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

Related Files

HP Security Bulletin HPSBMU02900 3
Posted Sep 19, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02900 3 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS. Revision 3 of this advisory.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability
systems | linux, windows
advisories | CVE-2011-3389, CVE-2012-0883, CVE-2012-2110, CVE-2012-2311, CVE-2012-2329, CVE-2012-2335, CVE-2012-2336, CVE-2012-5217, CVE-2013-2355, CVE-2013-2356, CVE-2013-2357, CVE-2013-2358, CVE-2013-2359, CVE-2013-2360, CVE-2013-2361, CVE-2013-2362, CVE-2013-2363, CVE-2013-2364, CVE-2013-4821
MD5 | 6247d63137613f824273fabce2d85e26
HP Security Bulletin HPSBMU02900 2
Posted Jul 19, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02900 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS. Revision 2 of this advisory.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability
systems | linux, windows
advisories | CVE-2011-3389, CVE-2012-0883, CVE-2012-2110, CVE-2012-2311, CVE-2012-2329, CVE-2012-2335, CVE-2012-2336, CVE-2012-5217, CVE-2013-2355, CVE-2013-2356, CVE-2013-2357, CVE-2013-2358, CVE-2013-2359, CVE-2013-2360, CVE-2013-2361, CVE-2013-2362, CVE-2013-2363, CVE-2013-2364
MD5 | 702ae0bcb2f3c6ebbb21520773ca4e53
HP Security Bulletin HPSBMU02900
Posted Jul 18, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02900 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS. Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability
systems | linux, windows
advisories | CVE-2011-3389, CVE-2012-0883, CVE-2012-2110, CVE-2012-2311, CVE-2012-2329, CVE-2012-2335, CVE-2012-2336, CVE-2013-2355, CVE-2013-2356, CVE-2013-2357, CVE-2013-2358, CVE-2013-2359, CVE-2013-2360, CVE-2013-2361, CVE-2013-2362, CVE-2013-2363, CVE-2013-2364, CVE-2013-5217
MD5 | e68ece6eca4b6abd956305d2390b79f5
Gentoo Linux Security Advisory 201209-03
Posted Sep 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-3 - Multiple vulnerabilities were found in PHP, the worst of which lead to remote execution of arbitrary code. Versions less than 5.3.15 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2011-1398, CVE-2011-3379, CVE-2011-4566, CVE-2011-4885, CVE-2012-0057, CVE-2012-0788, CVE-2012-0789, CVE-2012-0830, CVE-2012-0831, CVE-2012-1172, CVE-2012-1823, CVE-2012-2143, CVE-2012-2311, CVE-2012-2335, CVE-2012-2336, CVE-2012-2386, CVE-2012-2688, CVE-2012-3365, CVE-2012-3450
MD5 | 3a7b11ddafda5c0c062b3746c3db17dd
Apple Security Advisory 2012-09-19-2
Posted Sep 22, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-09-19-2 - OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address Apache, BIND, CoreText, Data Security, and many other vulnerabilities.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2011-3026, CVE-2011-3048, CVE-2011-3368, CVE-2011-3389, CVE-2011-3607, CVE-2011-4313, CVE-2011-4317, CVE-2011-4599, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2012-0643, CVE-2012-0650, CVE-2012-0652, CVE-2012-0668, CVE-2012-0670, CVE-2012-0671, CVE-2012-0831, CVE-2012-1172, CVE-2012-1173, CVE-2012-1667, CVE-2012-1823, CVE-2012-2143, CVE-2012-2311, CVE-2012-2386, CVE-2012-2688, CVE-2012-3716, CVE-2012-3718
MD5 | 84dbb60b867b299238ac262bdf6502cf
HP Security Bulletin HPSBUX02791 SSRT100856 2
Posted Aug 24, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02791 SSRT100856 2 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server running PHP. These vulnerabilities could be exploited remotely to execute arbitrary code, elevate privileges, or create a Denial of Service (DoS). PHP is contained in the HP-UX Apache Web Server Suite. Revision 2 of this advisory.

tags | advisory, web, denial of service, arbitrary, php, vulnerability
systems | hpux
advisories | CVE-2011-4153, CVE-2012-0830, CVE-2012-0883, CVE-2012-1172, CVE-2012-1823, CVE-2012-2311
MD5 | 84d824e5b8014f228911171ae7c784a3
HP Security Bulletin HPSBUX02791 SSRT100856
Posted Jun 19, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02791 SSRT100856 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server running PHP. These vulnerabilities could be exploited remotely to execute arbitrary code, elevate privileges, or create a Denial of Service (DoS). PHP is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.

tags | advisory, web, denial of service, arbitrary, php, vulnerability
systems | hpux
advisories | CVE-2011-4153, CVE-2012-0830, CVE-2012-0883, CVE-2012-1172, CVE-2012-1823, CVE-2012-2311
MD5 | fad626e07cd3d3ff9ea78ea3818096f8
Debian Security Advisory 2465-1
Posted May 10, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2465-1 - De Eindbazen discovered that PHP, when run with mod_cgi, will interpret a query string as command line parameters, allowing to execute arbitrary code.

tags | advisory, arbitrary, php
systems | linux, debian
advisories | CVE-2012-1172, CVE-2012-1823, CVE-2012-2311
MD5 | faa20fcb2043b9926e17d34171ea8391
Ubuntu Security Notice USN-1437-1
Posted May 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1437-1 - It was discovered that PHP, when used as a stand alone CGI processor for the Apache Web Server, did not properly parse and filter query strings. This could allow a remote attacker to execute arbitrary code running with the privilege of the web server. Configurations using mod_php5 and FastCGI were not vulnerable.

tags | advisory, remote, web, arbitrary, cgi, php
systems | linux, ubuntu
advisories | CVE-2012-1823, CVE-2012-2311
MD5 | f95c2470ba2ffaa16a3faf7c8d5255ef
Page 1 of 1
Back1Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    12 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close