Emmanuel Law

#12504of 53,638
21.8Total CVSS
Vulnerabilities · 3
Medium
1
High
2
PT-2015-3425
7.5
2015-04-20
Php · Php · CVE-2015-3329
**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.4.40 PHP versions 5.5.x prior to 5.5.24 PHP versions 5.6.x prior to 5.6.8 **Description** The issue is caused by multiple stack-based buffer overflows in the `phar set inode` function, allowing remote attackers to execute arbitrary code via a crafted length value in a tar, phar, or ZIP archive. This can be exploited by a remote attacker to gain control over the system. **Recommendations** For PHP versions prior to 5.4.40, update to version 5.4.40 or later. For PHP versions 5.5.x prior to 5.5.24, update to version 5.5.24 or later. For PHP versions 5.6.x prior to 5.6.8, update to version 5.6.8 or later.
PT-2015-3419
7.5
2015-03-20
Libzip · Libzip · CVE-2015-2331
**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.4.39 PHP versions 5.5.x prior to 5.5.23 PHP versions 5.6.x prior to 5.6.7 libzip versions 0.11.2 and earlier **Description** The issue is related to an integer overflow in the ` zip cdir new` function, which can be exploited by remote attackers to cause a denial of service or possibly execute arbitrary code. This can be achieved by using a ZIP archive that contains many entries, leading to a heap-based buffer overflow. **Recommendations** For PHP versions prior to 5.4.39, update to version 5.4.39 or later. For PHP versions 5.5.x prior to 5.5.23, update to version 5.5.23 or later. For PHP versions 5.6.x prior to 5.6.7, update to version 5.6.7 or later. For libzip versions 0.11.2 and earlier, update to a version later than 0.11.2. As a temporary workaround, consider restricting the use of ZIP archives with a large number of entries to minimize the risk of exploitation.
PT-2014-3252
6.8
2014-11-04
Axway · Axway Securetransport · CVE-2013-7057
**Name of the Vulnerable Software and Affected Versions** Axway SecureTransport versions 5.1 SP2 and earlier **Description** A cross-site request forgery issue allows remote attackers to hijack the authentication of users for requests that upload arbitrary files via a crafted request to "api/v1.0/files/". **Recommendations** For Axway SecureTransport versions 5.1 SP2 and earlier, update to a version later than 5.1 SP2 to resolve the issue.