Lucene search
K

526 matches found

OpenVAS
OpenVAS
added 2014/05/08 12:0 a.m.35 views

PHP 5.4.x < 5.4.27, 5.5.x < 5.5.12 Privilege Escalation Vulnerability

PHP is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...

7.2CVSS8.8AI score0.00505EPSS
Exploits1References4
NVD
NVD
added 2014/05/06 10:44 a.m.16 views

CVE-2014-0185

sapi/fpm/fpm/fpmunix.c in the FastCGI Process Manager FPM in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client...

7.2CVSS8.8AI score0.00505EPSS
Exploits1References12
Cvelist
Cvelist
added 2014/05/06 10:0 a.m.25 views

CVE-2014-0185

sapi/fpm/fpm/fpmunix.c in the FastCGI Process Manager FPM in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client...

6AI score0.00505EPSS
Exploits1References12
CVE
CVE
added 2014/05/06 10:0 a.m.195 views

CVE-2014-0185

CVE-2014-0185 affects the PHP FastCGI Process Manager (FPM), specifically sapi/fpm/fpm/fpm_unix.c. It uses 0666 permissions on the UNIX socket in PHP versions before 5.4.28 and 5.5.x before 5.5.12, allowing local users to gain privileges via a crafted FastCGI client. Remediation: upgrade to PHP 5...

7.2CVSS6.2AI score0.00505EPSS
Exploits1References12Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/05/05 12:0 a.m.35 views

PHP 5.4.x < 5.4.28 FPM Unix Socket Insecure Permission Escalation

According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.28. It is, therefore, potentially affected by a permission escalation vulnerability. A flaw exists within the FastCGI Process Manager FPM when setting permissions for a Unix socket. This could...

7.2CVSS8.1AI score0.00505EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2014/05/05 12:0 a.m.72 views

PHP 5.5.x < 5.5.12 FPM Unix Socket Insecure Permission Escalation

According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.12. It is, therefore, potentially affected by a permission escalation vulnerability. A flaw exists within the FastCGI Process Manager FPM when setting permissions for a Unix socket. This could...

7.2CVSS8.1AI score0.00505EPSS
Exploits1References4
Oracle linux
Oracle linux
added 2014/02/12 12:0 a.m.52 views

mysql security and bug fix update

5.1.73-3 - Fixes for CVE-2014-0001 Resolves: 1055880 5.1.73-2 - Make mysqld init script more robust and ignore existing but non-being-used unix socket file Resolves: 1058719 5.1.73-1 - Update to MySQL 5.1.73, for various fixes described at...

7.5CVSS0.4AI score0.06353EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.46 views

Oracle Linux 5 : kernel (ELSA-2011-0303)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0303 advisory. - net fix unix socket local dos Neil Horman 656759 656760 CVE-2010-4249 - net core: clear allocs for privileged ethtool actions Jiri Pirko 672432 67243...

7.8CVSS6AI score0.03922EPSS
Exploits3References5
ThreatPost
ThreatPost
added 2013/06/25 3:59 p.m.10 views

LG Android Backup Software Vulnerable to Root Exploit

A vulnerability in backup software installed on some LG Android smartphones could enable an attacker with access to the device to gain root privileges. Sprite Software’s AndroidBackup tool is installed by OEM on a number of LG Optimus, Mach, Lollipop, and Prada devices. The backup tool, in...

7.7AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2013/04/24 12:0 a.m.5 views

PT-2013-3491 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.8.6 Description: The issue allows local users to bypass intended access restrictions by leveraging a time interval during which a user namespace has been created but a PID namespace has not been created. This ...

1.9CVSS6AI score0.0034EPSS
Exploits1References7
securityvulns
securityvulns
added 2013/03/19 12:0 a.m.31 views

lighthttpd symbolic links vulnerabilities

Unix socket with fixed name is created in world-writable directory...

1.9CVSS1.1AI score0.00349EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/02/01 12:0 a.m.50 views

Debian DSA-2399-2 : php5 - several vulnerabilities

Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2011-1938 The UNIX socket handling allowed attackers to trigger a buffer overflow via a long path name. - CVE-2011-2483 The...

7.5CVSS8.3AI score0.83911EPSS
Exploits32References13
Tenable Nessus
Tenable Nessus
added 2012/01/31 12:0 a.m.22 views

FreeBSD : FreeBSD -- Buffer overflow in handling of UNIX socket addresses (f56390a4-4638-11e1-9f47-00e0815b8da8)

When a UNIX-domain socket is attached to a location using the bind2 system call, the length of the provided path is not validated. Later, when this address was returned via other system calls, it is copied into a fixed-length buffer. Linux uses a larger socket address structure for UNIX-domain...

5.6AI score
Exploits0References1
OSV
OSV
added 2012/01/31 12:0 a.m.63 views

DSA-2399-1 php5 - several

Bulletin has no description...

7.5CVSS8.3AI score0.83911EPSS
Exploits32
RedHat Linux
RedHat Linux
added 2011/11/02 10:15 p.m.8 views

php: stack-based buffer overflow in socket_connect()

Stack-based buffer overflow in the socketconnect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket...

7.5CVSS6.4AI score0.22724EPSS
Exploits13References4
NVD
NVD
added 2011/10/18 1:55 a.m.16 views

CVE-2011-4062

Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service panic or possibly gain privileges via a bind system call with a long pathname for a UNIX socket...

7.2CVSS6.7AI score0.0093EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2011/10/18 1:55 a.m.20 views

CVE-2011-4062

Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service panic or possibly gain privileges via a bind system call with a long pathname for a UNIX socket...

7.2CVSS5.9AI score0.0093EPSS
Exploits1References1
Cvelist
Cvelist
added 2011/10/18 1:0 a.m.27 views

CVE-2011-4062

Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service panic or possibly gain privileges via a bind system call with a long pathname for a UNIX socket...

6.6AI score0.0093EPSS
Exploits1References9
CVE
CVE
added 2011/10/18 1:0 a.m.59 views

CVE-2011-4062

CVE-2011-4062 affects FreeBSD kernels 7.3–9.0-RC1 via a buffer overflow in the Linux emulation binding path for UNIX sockets, enabling local denial of service (panic) and potentially privilege escalation. Affected component: kernel Linux emulation support; root cause: poorly handled long bind() p...

7.2CVSS6.9AI score0.0093EPSS
Exploits1References9Affected Software1
Debian CVE
Debian CVE
added 2011/10/18 1:0 a.m.16 views

CVE-2011-4062

Removed by vendor...

7.2CVSS6.7AI score0.0093EPSS
Exploits1
Rows per page
Query Builder