Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.
Max CVSS
9.3
EPSS Score
76.90%
Published
2008-02-08
Updated
2017-09-29

CVE-2008-5711

Public exploit
Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and earlier allows remote attackers to execute arbitrary code via a long FileMask property value.
Max CVSS
9.3
EPSS Score
28.38%
Published
2008-12-24
Updated
2017-09-29
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.
Max CVSS
7.5
EPSS Score
0.17%
Published
2014-12-28
Updated
2014-12-30
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.
Max CVSS
5.0
EPSS Score
0.26%
Published
2014-12-28
Updated
2014-12-30
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector.
Max CVSS
5.0
EPSS Score
0.18%
Published
2014-12-28
Updated
2014-12-30
Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split function.
Max CVSS
7.5
EPSS Score
0.51%
Published
2014-12-28
Updated
2014-12-30
The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character.
Max CVSS
5.0
EPSS Score
0.25%
Published
2014-12-28
Updated
2014-12-30
Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. NOTE: the vendor disputes the significance of this report, because the user must accept an interstitial warning before the HTML file content is rendered, and because the HTML content's origin is a sandbox domain
Max CVSS
4.3
EPSS Score
0.12%
Published
2014-09-15
Updated
2024-03-21
Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddx_serialize_value function.
Max CVSS
4.3
EPSS Score
0.31%
Published
2015-04-13
Updated
2016-06-24
Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
Max CVSS
9.8
EPSS Score
0.34%
Published
2017-02-17
Updated
2017-02-22
Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow.
Max CVSS
9.8
EPSS Score
0.28%
Published
2017-02-17
Updated
2017-02-22
Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
Max CVSS
9.8
EPSS Score
0.28%
Published
2017-02-17
Updated
2017-02-22
Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
Max CVSS
9.8
EPSS Score
0.28%
Published
2017-02-17
Updated
2017-02-22
The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion.
Max CVSS
9.8
EPSS Score
0.32%
Published
2017-02-17
Updated
2017-02-22
Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
Max CVSS
9.8
EPSS Score
0.28%
Published
2017-02-17
Updated
2017-02-22
Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).
Max CVSS
9.8
EPSS Score
0.24%
Published
2020-02-19
Updated
2020-03-05
mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).
Max CVSS
9.8
EPSS Score
0.24%
Published
2020-02-19
Updated
2020-03-05
hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.
Max CVSS
9.8
EPSS Score
0.30%
Published
2019-11-19
Updated
2019-11-21
HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive).
Max CVSS
5.3
EPSS Score
7.16%
Published
2020-02-19
Updated
2020-03-06
Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01.
Max CVSS
9.8
EPSS Score
0.25%
Published
2018-12-31
Updated
2019-10-09
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests.
Max CVSS
5.9
EPSS Score
0.10%
Published
2018-12-03
Updated
2019-10-09
The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution. This issue affected Nuclide prior to v0.290.0.
Max CVSS
9.8
EPSS Score
0.48%
Published
2018-12-31
Updated
2019-10-09
Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below).
Max CVSS
9.8
EPSS Score
0.20%
Published
2018-12-31
Updated
2019-10-09
A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.
Max CVSS
7.5
EPSS Score
0.11%
Published
2018-12-31
Updated
2019-10-09
folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00.
Max CVSS
7.5
EPSS Score
0.18%
Published
2018-12-31
Updated
2019-10-09
120 vulnerabilities found
1 2 3 4 5
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!