exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2013-4113

Status Candidate

Overview

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.

Related Files

Gentoo Linux Security Advisory 201408-11
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-11 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.16 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2011-4718, CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-2110, CVE-2013-3735, CVE-2013-4113, CVE-2013-4248, CVE-2013-4635, CVE-2013-4636, CVE-2013-6420, CVE-2013-6712, CVE-2013-7226, CVE-2013-7327, CVE-2013-7345, CVE-2014-0185, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-2497, CVE-2014-3597, CVE-2014-3981, CVE-2014-4049, CVE-2014-4670, CVE-2014-5120
SHA-256 | 603e59db98b503d98e09222be7ae1aa6e92e8c93410b7df813b8dd5222e058f1
Apple Security Advisory 2014-02-25-1
Posted Feb 26, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-02-25-1 - OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple security issues including the recent SSL vulnerability.

tags | advisory
systems | apple, osx
advisories | CVE-2011-3389, CVE-2013-1862, CVE-2013-1896, CVE-2013-4073, CVE-2013-4113, CVE-2013-4248, CVE-2013-5139, CVE-2013-5178, CVE-2013-5179, CVE-2013-5986, CVE-2013-5987, CVE-2013-6420, CVE-2013-6629, CVE-2014-1245, CVE-2014-1246, CVE-2014-1247, CVE-2014-1248, CVE-2014-1249, CVE-2014-1250, CVE-2014-1252, CVE-2014-1254, CVE-2014-1255, CVE-2014-1256, CVE-2014-1257, CVE-2014-1258, CVE-2014-1259, CVE-2014-1260, CVE-2014-1261
SHA-256 | 1d8f727073c1ea1d6289c8c7fa93c5237ad978b58d6ca700d78a6f12ea0f3b83
Debian Security Advisory 2723-1
Posted Jul 17, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2723-1 - It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely.

tags | advisory, arbitrary, php, code execution
systems | linux, debian
advisories | CVE-2013-4113
SHA-256 | 5eb4558096f018f55bb641d30881cb44792c27980ef9cb7a5fa7ed75885fbf0b
Slackware Security Advisory - php Updates
Posted Jul 17, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4113.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2013-4113
SHA-256 | d5d4e47648f1ebfb86bdfd934a4fae3bdbdeabda22ebceca0621c2a1c9d2ae04
Ubuntu Security Notice USN-1905-1
Posted Jul 17, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1905-1 - It was discovered that PHP incorrectly handled the xml_parse_into_struct function. If a PHP application parsed untrusted XML, an attacker could use this flaw with a specially-crafted XML document to cause PHP to crash, resulting in a denial of service, or to possibly execute arbitrary code. It was discovered that PHP incorrectly handled the jdtojewish function. An attacker could use this flaw to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2013-4113, CVE-2013-4635, CVE-2013-4113, CVE-2013-4635
SHA-256 | ca764260def9fed8a82b043ed86476cd75c73a0e28f0a9a7dc0438cb6d7963b2
Red Hat Security Advisory 2013-1063-01
Posted Jul 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1063-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-4113
SHA-256 | 309505c2c8254540813cdaa10f7c8c273952f53f9b8394498febda01107705ea
Red Hat Security Advisory 2013-1062-01
Posted Jul 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1062-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-4113
SHA-256 | d5af94336d7fe63affede3df98c2a9ba5b0b2fe4b757d285b2aa441de70ebcfe
Red Hat Security Advisory 2013-1061-01
Posted Jul 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1061-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-4113
SHA-256 | 5649f8d1a6bbb799e0689f0f8ad3951fe8945c13a70835c68bd55a51babba44b
Mandriva Linux Security Advisory 2013-195
Posted Jul 15, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-195 - A heap corruption vulnerability has been discovered and corrected in PHP.

tags | advisory, php
systems | linux, mandriva
advisories | CVE-2013-4113
SHA-256 | 41d22962d3e847be882f55fdf4b1b3e582c6f09ece79764dfde346402e48e90e
Red Hat Security Advisory 2013-1049-01
Posted Jul 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1049-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-4113
SHA-256 | e75380b7282aaa382921ecf112fdb316da3dd5c1a98030990320b73778be9439
Red Hat Security Advisory 2013-1050-01
Posted Jul 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1050-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-4113
SHA-256 | ae1ae5890faa897c0e388c7e472e6bdef7bff09f6930a9b2d0da6eb924a76977
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close