Null pointer dereference

Zend/zendexceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash or trigger unintended method execution via crafted...

CVE-2015-8876

Zend/zendexceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash or trigger unintended method execution via crafted...

CVE-2015-8835

The makehttpsoaprequest function in ext/soap/phphttp.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service NULL pointer dereference, type confusion, and application crash or possibly execute...

Type confusion

The makehttpsoaprequest function in ext/soap/phphttp.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service NULL pointer dereference, type confusion, and application crash or possibly execute...

DEBIAN-CVE-2016-2108

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service buffer underflow and memory corruption via an ANY field in crafted serialized data, aka the "negative zero" issue...

Memory corruption

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service buffer underflow and memory corruption via an ANY field in crafted serialized data, aka the "negative zero" issue...

CVE-2016-2108

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service buffer underflow and memory corruption via an ANY field in crafted serialized data, aka the "negative zero" issue...

OpenSSL 1.0.1 < 1.0.1o Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.1o. It is, therefore, affected by a vulnerability as referenced in the 1.0.1o advisory. - The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a deni...

CVE-2016-0792

Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando...

CVE-2016-2510

BeanShell bsh before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler...

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Arbitrary Code Execution Vulnerabilities

Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network Manager EPNM are both products of the U.S. Cisco Cisco.PI is a set of solutions for wireless management through Cisco Prime LAN Management Solution LMS and Cisco Prime Network Control System NCS technologies; EPNM is a network...

Atlassian Bamboo Ignite Realtime Smack XMPP API Arbitrary Code Execution Vulnerability

Atlassian Bamboo is a set of continuous integration build tools from Atlassian Australia. A security vulnerability in the Ignite Realtime Smack XMPP API used in Atlassian Bamboo versions prior to 5.9.9 and 5.10.x prior to 5.10.0 can be exploited by remote attackers to execute arbitrary Java code...

Drupal Core Session Data Hijacking Vulnerability

Drupal is a free and open source content management system developed in PHP. A session data hijacking vulnerability exists in Drupal Core. In some older versions of PHP, user-supplied session data stored in Drupal could be serialized, leading to remote code execution...

CVE-2015-8360

An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port...

CVE-2015-8360

An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port...

CVE-2014-9757

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message...

CVE-2015-6836

The SoapClient call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serializefunctioncall...

CVE-2015-6832

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/splarray.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field...

Type confusion

The SoapClient call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serializefunctioncall...

Design/Logic Flaw

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/splarray.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field...