4166 matches found

RedHat Linux
added 2010/10/13 4:22 p.m. | 1 views

OpenJDK Serialization inconsistencies (6966692)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.227 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...

CVSS 10 | AI score 6.2 | EPSS 0.16263
Exploits: 0 | References: 4

Ubuntu
added 2010/09/20 6:22 p.m. | 80 views

USN-989-1: PHP vulnerabilities

Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc requests. An attacker could exploit this issue to cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. CVE-2010-0397 It was discovered that the...

CVSS 9.8 | AI score 8.9 | EPSS 0.07996
Exploits: 11

Tenable Nessus
added 2010/08/24 12:0 a.m. | 47 views

Fedora 12 : maniadrive-1.2-22.fc12 / php-5.3.3-1.fc12 / php-eaccelerator-0.9.6.1-2.fc12 (2010-11428)

Update to PHP 5.3.3 Security Enhancements and Fixes in PHP 5.3.3: Rewrote var_export to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs CVE-2010-2531. Fixed a possible resource destruction issues in shm_put_var. Fixed a possible information leak because of...

CVSS 7.5 | AI score 8.8 | EPSS 0.07996
Exploits: 6 | References: 14

OpenVAS
added 2010/07/30 12:0 a.m. | 58 views

Mandriva Update for php MDVSA-2010:139 (php)

Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDVSA-2010:139 php Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

CVSS 7.5 | AI score 9.7 | EPSS 0.07996
Exploits: 3 | References: 2

Tenable Nessus
added 2010/07/27 12:0 a.m. | 16 views

PHP < 5.2.14 / 5.3.x < 5.3.3 Multiple Vulnerabilities

Binary data 5616.prm...

CVSS 7.5 | AI score 7.3 | EPSS 0.07996
Exploits: 18 | References: 18

securityvulns
added 2010/05/11 12:0 a.m. | 38 views

MOPS-2010-009: PHP shm_put_var() Already Freed Resource Access Vulnerability

MOPS-2010-009: PHP shm_put_var() Already Freed Resource Access Vulnerability May 5th, 2010 When PHP’s shm_put_var() function is interrupted by an object’s __sleep() function it can destroy the shm resource used by this function which allows to write an arbitrary memory address. Affected versions Affected is...

AI score 0.8
Exploits: 0

OpenVAS
added 2010/04/23 12:0 a.m. | 41 views

PHP 4.x < 4.4.5, 5.x < 5.2.1 Heap Information Leak Vulnerability

PHP SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.100603";...

CVSS 5 | AI score 6.7 | EPSS 0.14197
Exploits: 1 | References: 3

Packet Storm
added 2009/12/31 12:0 a.m. | 37 views

Sun Java JRE getSoundbank file:// URI Buffer Overflow

$Id: javagetsoundbankbof.rb 7903 2009-12-17 05:22:40Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVSS 9.3 | AI score 0.9 | EPSS 0.89141
Exploits: 11

Packet Storm
added 2008/05/13 12:0 a.m. | 15 views

eqdkp-bypass.txt

...

Exploits: 0

NVD
added 2008/03/18 10:44 p.m. | 17 views

CVE-2008-0057

Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list...

CVSS 6.8 | AI score 7.2 | EPSS 0.02355
Exploits: 1 | References: 8

Prion
added 2008/03/18 10:44 p.m. | 22 views

Integer overflow

Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list...

CVSS 6.8 | AI score 7.7 | EPSS 0.02355
Exploits: 1 | References: 8 | Affected Software: 2

Cvelist
added 2008/03/18 10:0 p.m. | 25 views

CVE-2008-0057

Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list...

AI score 9 | EPSS 0.02355
Exploits: 1 | References: 8

CVE
added 2008/03/18 10:0 p.m. | 65 views

CVE-2008-0057

The CVE describes multiple integer overflows in the legacy serialization format parser of AppKit on Apple Mac OS X 10.4.11, allowing remote attackers to execute arbitrary code via a crafted serialized property list. The provided sources confirm the affected component (AppKit) and version (Mac OS ...

CVSS 6.8 | AI score 9 | EPSS 0.02355
Exploits: 1 | References: 8 | Affected Software: 2

Tenable Nessus
added 2007/12/13 12:0 a.m. | 23 views

SuSE 10 Security Update : IBM Java (ZYPP Patch Number 3851)

The IBM Java JRE/SDK has been brought to release 1.4.2 SR containing several bugfixes, including following security fixes : - A buffer overflow vulnerability in the JavaTM Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself...

CVSS 9.3 | AI score 5.6 | EPSS 0.42821
Exploits: 1 | References: 8

Tenable Nessus
added 2007/12/13 12:0 a.m. | 27 views

SuSE 10 Security Update : Java (ZYPP Patch Number 3891)

The IBM Java JRE/SDK has been brought to release 1.4.2 SR8, containing several bugfixes, including the following security fixes : - A buffer overflow vulnerability in the JavaTM Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself...

CVSS 9.3 | AI score 5.6 | EPSS 0.42821
Exploits: 1 | References: 8

Tenable Nessus
added 2007/10/17 12:0 a.m. | 15 views

openSUSE 10 Security Update : mono-core (mono-core-2182)

The Mono System.Xml.Serialization class contained a /tmp race which allows local attackers to potentially execute code as the user using the Serialization method. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSU...

AI score 5.7
Exploits: 0

RedHat Linux
added 2007/03/14 2:1 a.m. | 0 views

php session extension information leak

The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read...

CVSS 5 | AI score 6 | EPSS 0.14197
Exploits: 1 | References: 4

UbuntuCve
added 2007/03/10 12:19 a.m. | 32 views

CVE-2007-1380

The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read...

CVSS 5 | AI score 6.1 | EPSS 0.14197
Exploits: 1 | References: 2

Cvelist
added 2007/03/10 12:0 a.m. | 26 views

CVE-2007-1380

The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read...

AI score 7.3 | EPSS 0.14197
Exploits: 1 | References: 22

CVE
added 2007/03/10 12:0 a.m. | 92 views

CVE-2007-1380

Technical details about CVE-2007-1380 are not publicly available in the provided connected documents. The initial description mentions a buffer over-read in php_binary serialization within PHP session handling, but no vendor/version/impact/fix specifics are given here. Monitor for updates.

CVSS 5 | AI score 7.3 | EPSS 0.14197
Exploits: 1 | References: 22 | Affected Software: 1