526 matches found
PHP 5.4.x < 5.4.27, 5.5.x < 5.5.12 Privilege Escalation Vulnerability
PHP is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...
CVE-2014-0185
sapi/fpm/fpm/fpmunix.c in the FastCGI Process Manager FPM in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client...
CVE-2014-0185
sapi/fpm/fpm/fpmunix.c in the FastCGI Process Manager FPM in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client...
CVE-2014-0185
CVE-2014-0185 affects the PHP FastCGI Process Manager (FPM), specifically sapi/fpm/fpm/fpm_unix.c. It uses 0666 permissions on the UNIX socket in PHP versions before 5.4.28 and 5.5.x before 5.5.12, allowing local users to gain privileges via a crafted FastCGI client. Remediation: upgrade to PHP 5...
PHP 5.4.x < 5.4.28 FPM Unix Socket Insecure Permission Escalation
According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.28. It is, therefore, potentially affected by a permission escalation vulnerability. A flaw exists within the FastCGI Process Manager FPM when setting permissions for a Unix socket. This could...
PHP 5.5.x < 5.5.12 FPM Unix Socket Insecure Permission Escalation
According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.12. It is, therefore, potentially affected by a permission escalation vulnerability. A flaw exists within the FastCGI Process Manager FPM when setting permissions for a Unix socket. This could...
mysql security and bug fix update
5.1.73-3 - Fixes for CVE-2014-0001 Resolves: 1055880 5.1.73-2 - Make mysqld init script more robust and ignore existing but non-being-used unix socket file Resolves: 1058719 5.1.73-1 - Update to MySQL 5.1.73, for various fixes described at...
Oracle Linux 5 : kernel (ELSA-2011-0303)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0303 advisory. - net fix unix socket local dos Neil Horman 656759 656760 CVE-2010-4249 - net core: clear allocs for privileged ethtool actions Jiri Pirko 672432 67243...
LG Android Backup Software Vulnerable to Root Exploit
A vulnerability in backup software installed on some LG Android smartphones could enable an attacker with access to the device to gain root privileges. Sprite Software’s AndroidBackup tool is installed by OEM on a number of LG Optimus, Mach, Lollipop, and Prada devices. The backup tool, in...
PT-2013-3491 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.8.6 Description: The issue allows local users to bypass intended access restrictions by leveraging a time interval during which a user namespace has been created but a PID namespace has not been created. This ...
lighthttpd symbolic links vulnerabilities
Unix socket with fixed name is created in world-writable directory...
Debian DSA-2399-2 : php5 - several vulnerabilities
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2011-1938 The UNIX socket handling allowed attackers to trigger a buffer overflow via a long path name. - CVE-2011-2483 The...
FreeBSD : FreeBSD -- Buffer overflow in handling of UNIX socket addresses (f56390a4-4638-11e1-9f47-00e0815b8da8)
When a UNIX-domain socket is attached to a location using the bind2 system call, the length of the provided path is not validated. Later, when this address was returned via other system calls, it is copied into a fixed-length buffer. Linux uses a larger socket address structure for UNIX-domain...
DSA-2399-1 php5 - several
Bulletin has no description...
php: stack-based buffer overflow in socket_connect()
Stack-based buffer overflow in the socketconnect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket...
CVE-2011-4062
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service panic or possibly gain privileges via a bind system call with a long pathname for a UNIX socket...
CVE-2011-4062
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service panic or possibly gain privileges via a bind system call with a long pathname for a UNIX socket...
CVE-2011-4062
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service panic or possibly gain privileges via a bind system call with a long pathname for a UNIX socket...
CVE-2011-4062
CVE-2011-4062 affects FreeBSD kernels 7.3–9.0-RC1 via a buffer overflow in the Linux emulation binding path for UNIX sockets, enabling local denial of service (panic) and potentially privilege escalation. Affected component: kernel Linux emulation support; root cause: poorly handled long bind() p...
CVE-2011-4062
Removed by vendor...