Recent Security Notifications

PHP 5.4.1 and prior [High]
By on Friday, May 11th, 2012 in Security Notifications

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the ‘d’ case….

CVE Identifier: CVE-2012-1823
Vulnerability Type(s):
Severity: High

Related Software Packages:

PHP 5.4.2 and prior [High]
By on Friday, May 11th, 2012 in Security Notifications

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the ‘d’ case…

CVE Identifier: CVE-2012-2311
Vulnerability Type(s):
Severity: High

Related Software Packages:

PHP 5.4.2 and prior [Medium]
By on Friday, May 11th, 2012 in Security Notifications

Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request….

CVE Identifier: CVE-2012-2329
Vulnerability Type(s):
Severity: Medium

Related Software Packages:

PHP 5.4.2 and prior [High]
By on Friday, May 11th, 2012 in Security Notifications

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence….

CVE Identifier: CVE-2012-2335
Vulnerability Type(s):
Severity: High

Related Software Packages:

PHP 5.4.2 and prior [Medium]
By on Friday, May 11th, 2012 in Security Notifications

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the ‘T’ case…

CVE Identifier: CVE-2012-2336
Vulnerability Type(s):
Severity: Medium

Related Software Packages:

Mac OS X 10.7.3 and prior [Low]
By on Thursday, May 10th, 2012 in Security Notifications

Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors….

CVE Identifier: CVE-2012-0657
Vulnerability Type(s):
Severity: Low

Related Software Packages:

Mac OS X 10.7.3 and prior [Medium]
By on Thursday, May 10th, 2012 in Security Notifications

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded….

CVE Identifier: CVE-2012-0658
Vulnerability Type(s):
Severity: Medium

Related Software Packages:

Mac OS X 10.7.3 and prior [Medium]
By on Thursday, May 10th, 2012 in Security Notifications

Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file….

CVE Identifier: CVE-2012-0659
Vulnerability Type(s):
Severity: Medium

Related Software Packages:

Mac OS X 10.7.3 and prior [Medium]
By on Thursday, May 10th, 2012 in Security Notifications

Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file….

CVE Identifier: CVE-2012-0660
Vulnerability Type(s):
Severity: Medium

Related Software Packages:

Mac OS X 10.7.2 and prior [Medium]
By on Thursday, May 10th, 2012 in Security Notifications

Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding….

CVE Identifier: CVE-2012-0661
Vulnerability Type(s):
Severity: Medium

Related Software Packages:

© 2012 OpenLogic, Inc.