what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2015-0232

Status Candidate

Overview

The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.

Related Files

Apple Security Advisory 2015-09-30-03
Posted Oct 1, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-09-30-03 - OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2013-3951, CVE-2014-2532, CVE-2014-3618, CVE-2014-6277, CVE-2014-7186, CVE-2014-7187, CVE-2014-8080, CVE-2014-8090, CVE-2014-8146, CVE-2014-8147, CVE-2014-8611, CVE-2014-9425, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0235, CVE-2015-0273, CVE-2015-0286, CVE-2015-0287, CVE-2015-1351, CVE-2015-1352, CVE-2015-1855, CVE-2015-2301, CVE-2015-2305, CVE-2015-2331
SHA-256 | 7a0709c784a5d4fb9ea404af89915bb4719339d731eebc17ca1e750e0b02747c
HP Security Bulletin HPSBMU03409 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03409 1 - Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2010-5107, CVE-2013-0248, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2014-1692, CVE-2014-3523, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8142, CVE-2014-8275, CVE-2014-9427, CVE-2014-9652, CVE-2014-9653, CVE-2014-9705, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-0285, CVE-2015-0286
SHA-256 | ed1893104d8e7dcdd770c7c2dd6eea29fcb783bd67155f6d99ab3d07423260e5
HP Security Bulletin HPSBMU03380 1
Posted Jul 21, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03380 1 - Multiple potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), Cross-site Request Forgery (CSRF), execution of arbitrary code, unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, csrf
systems | linux, windows
advisories | CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2014-3523, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8142, CVE-2014-8275, CVE-2014-9427, CVE-2014-9652, CVE-2014-9653, CVE-2014-9705, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289
SHA-256 | b24b33b6953298c7dff07ba7ebf547fe10934e4d227a0e52094bde980503367c
Red Hat Security Advisory 2015-1218-01
Posted Jul 9, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1218-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.

tags | advisory, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-9425, CVE-2014-9705, CVE-2014-9709, CVE-2015-0232, CVE-2015-0273, CVE-2015-2301, CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3411, CVE-2015-3412, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148, CVE-2015-4598, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603
SHA-256 | f71a8aee7d3ef2bbf2887ea24776b5bd018766e584acec28464f0aaad7cffb13
Red Hat Security Advisory 2015-1135-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1135-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-8142, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-2301, CVE-2015-2348, CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-3411, CVE-2015-3412, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148, CVE-2015-4598, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602
SHA-256 | cd29d265756a82b81294b5b57ef3c66093befd38401aca38c86228d6f38a5a66
Red Hat Security Advisory 2015-1066-01
Posted Jun 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1066-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to upstream version 5.4.40, which provides a number of bug fixes over the version shipped in Red Hat Software Collections 1.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2014-8142, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-1351, CVE-2015-2301, CVE-2015-2305, CVE-2015-2348, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148
SHA-256 | 737b0fc8464520a03cda25d1868c5e45d2eda21dfbca75a7f5d7a523dcde4ef1
Red Hat Security Advisory 2015-1053-01
Posted Jun 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1053-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to upstream version 5.5.21, which provides multiple bug fixes over the version shipped in Red Hat Software Collections 1.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2014-8142, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-1351, CVE-2015-1352, CVE-2015-2301, CVE-2015-2305, CVE-2015-2348, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148
SHA-256 | 277990d32ba3a0e77323741d4d5dd06eb3a124cd7bc3d266dc530c4f8981c0ba
Debian Security Advisory 3195-1
Posted Mar 19, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3195-1 - Multiple vulnerabilities have been discovered in the PHP language.

tags | advisory, php, vulnerability
systems | linux, debian
advisories | CVE-2014-9705, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-2305
SHA-256 | cdc2de2a28ef492aa693f78551e5dffaa0a184f87b36f4a424a161f2adfc8add
Gentoo Linux Security Advisory 201503-03
Posted Mar 9, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-3 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.21 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3710, CVE-2014-8142, CVE-2014-9425, CVE-2014-9427, CVE-2015-0231, CVE-2015-0232
SHA-256 | f4b1f5999f8e64b5ebece53ea940ad066475808daa6304fe2c13343ae3f4b837
Ubuntu Security Notice USN-2501-1
Posted Feb 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2501-1 - Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2015-0231) Brian Carpenter discovered that the PHP CGI component incorrectly handled invalid files. A local attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, local, cgi, php
systems | linux, ubuntu
advisories | CVE-2014-8142, CVE-2014-9427, CVE-2014-9652, CVE-2015-0231, CVE-2015-0232, CVE-2015-1351, CVE-2015-1352
SHA-256 | 87581be317b7551f9d11aa00fc90c8ccbf8b821794084bfafde6b9df107ac894
Mandriva Linux Security Advisory 2015-032
Posted Feb 9, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-032 - sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a.php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a.php file or trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping. Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service via crafted EXIF data in a JPEG image. The updated php packages have been upgraded to the 5.5.21 version which is not vulnerable to these issues. Additionally, the timezonedb package has been upgraded to the latest 2015.1 version, the php-suhosin package has been upgraded to the latest 0.9.37.1 and the PECL packages which requires so has been rebuilt for php-5.5.21.

tags | advisory, remote, denial of service, arbitrary, cgi, php, code execution
systems | linux, mandriva
advisories | CVE-2014-9427, CVE-2015-0231, CVE-2015-0232
SHA-256 | bbf5efb46d8541bd4023fe632610b7ca5406d789dcad020b27374e3c6f00750d
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close