17 matches found
Linux Distros Unpatched Vulnerability : CVE-2012-2335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and...
SUSE: Security Advisory (SUSE-SU-2012:0840-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : php5 (openSUSE-2012-288)
The patch for CVE-2012-1823 was incomplete, this update fixes the remaining bits CVE-2012-2335, CVE-2012-2336 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-288. The text...
Apache PHP-CGI Remote Code Execution
The PHP installation on the remote web server contains a flaw that could allow a remote attacker to pass command-line arguments as part of a query string to the PHP-CGI program. This could be abused to execute arbitrary code, reveal PHP source code, cause a system crash, etc. %NASLMINLEVEL 70300 ...
HP System Management Homepage < 7.2.1.0 Multiple Vulnerabilities (BEAST)
According to the web server's banner, the version of HP System Management Homepage SMH hosted on the remote web server is a version prior to 7.2.1.0. It is, therefore, affected by the following vulnerabilities : - An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and...
[security bulletin] HPSBMU02900 rev.2 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03839862 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03839862 Version: 2 HPSBMU02900 rev....
SuSE 11.1 Security Update : PHP5 (SAT Patch Number 6316)
PHP5 was updated with incremental fixes to the previous update : - Additional unsafe cgi wrapper scripts are also fixed now. CVE-2012-2335 - Even more commandline option handling is filtered, which could lead to crashes of the php interpreter. CVE-2012-2336 %NASLMINLEVEL 70300 C Tenable Network...
Gentoo Security Advisory GLSA 201209-03 (php)
The remote host is missing updates announced in advisory GLSA 201209-03. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Mandriva Update for php MDVSA-2012:068-1 (php)
Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDVSA-2012:068-1 php Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Mandriva Update for php MDVSA-2012:068-1 (php)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Ubuntu: Security Advisory (USN-1481-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8133)
PHP5 was updated with incremental fixes to the previous update : - Additional unsafe cgi wrapper scripts are also fixed now. CVE-2012-2335 - Even more commandline option handling is filtered, which could lead to crashes of the php interpreter. CVE-2012-2336 %NASLMINLEVEL 70300 C Tenable Network...
PHP php-cgi Query String Parameter Code Execution (CVE-2012-1823; CVE-2012-2311; CVE-2012-2335; CVE-2012-2336; CVE-2013-4878)
A remote code execution vulnerability has been reported in PHP. The vulnerability is due to the improper parsing and filtering of query strings by PHP. A remote attacker may exploit this issue by sending crafted HTTP requests. Successful exploitation would allow an attacker to execute arbitrary...
CVE-2012-2335
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgimain.c component and a query string beginning with a +...
CVE-2012-2335
CVE-2012-2335 affects PHP when executed via CGI; php-wrapper.fcgi mishandles command-line arguments, enabling remote code execution by exploiting interaction between sapi/cgi/cgi_main.c and a query string starting with a +-, affecting PHP 5.3.12 and 5.4.2. The description notes that an attacker c...
Mandriva Linux Security Advisory : php (MDVSA-2012:068-1)
A vulnerability has been found and corrected in php-cgi : PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary...
PHP < 5.3.13, 5.4.x < 5.4.3 Multiple Vulnerabilities - Active Check
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.103482"...