exploit the possibilities
Showing 1 - 5 of 5 RSS Feed

CVE-2015-2331

Status Candidate

Overview

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.

Related Files

Apple Security Advisory 2015-09-30-03
Posted Oct 1, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-09-30-03 - OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2013-3951, CVE-2014-2532, CVE-2014-3618, CVE-2014-6277, CVE-2014-7186, CVE-2014-7187, CVE-2014-8080, CVE-2014-8090, CVE-2014-8146, CVE-2014-8147, CVE-2014-8611, CVE-2014-9425, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0235, CVE-2015-0273, CVE-2015-0286, CVE-2015-0287, CVE-2015-1351, CVE-2015-1352, CVE-2015-1855, CVE-2015-2301, CVE-2015-2305, CVE-2015-2331
MD5 | 394e001ee3e97a0e28026a7e3dd1db7f
HP Security Bulletin HPSBUX03337 SSRT102066 1
Posted Jun 11, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03337 SSRT102066 1 - Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, web, denial of service, php, vulnerability
systems | hpux
advisories | CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0227, CVE-2014-0231, CVE-2014-8142, CVE-2014-9709, CVE-2015-0231, CVE-2015-0273, CVE-2015-1352, CVE-2015-2301, CVE-2015-2305, CVE-2015-2331, CVE-2015-2783
MD5 | 9fa4f2401a0eae76949782536773bbd8
Slackware Security Advisory - php Updates
Posted Apr 22, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2014-9709, CVE-2015-0231, CVE-2015-1351, CVE-2015-1352, CVE-2015-2301, CVE-2015-2305, CVE-2015-2331, CVE-2015-2783, CVE-2015-3330
MD5 | 5e4379cecf5e830fad4daac5cb1dbaf4
Mandriva Linux Security Advisory 2015-079
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-079 - S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Taoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled memory in the phar extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or, possibly, execute arbitrary code. It was discovered that the PHP opcache component incorrectly handled memory. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. The updated php packages have been patched and upgraded to the 5.5.23 version which is not vulnerable to these issues. The libzip packages has been patched to address the flaw. Additionally the php-xdebug package has been upgraded to the latest 2.3.2 and the PECL packages which requires so has been rebuilt for php-5.5.23.

tags | advisory, remote, denial of service, overflow, arbitrary, php
systems | linux, mandriva
advisories | CVE-2014-9705, CVE-2015-0231, CVE-2015-0273, CVE-2015-1351, CVE-2015-1352, CVE-2015-2301, CVE-2015-2331
MD5 | 113c920994e1b904b60f74c0e5ccfb39
Debian Security Advisory 3198-1
Posted Mar 23, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3198-1 - Multiple vulnerabilities have been discovered in the PHP language.

tags | advisory, php, vulnerability
systems | linux, debian
advisories | CVE-2015-2301, CVE-2015-2331
MD5 | 0dc5e2e58857c03d94822730c37b0e2f
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close