Internet Bug Bounty: Invalid memory access in php_basename function

https://bugs.php.net/bug.php?id=73295...

Wordpress <= 4.6.1 using the language file arbitrary code execution vulnerability

Author: p0wd3r know Chong Yu 404 security lab 0x00 vulnerability overview 1. Vulnerability description WordPress is a PHP and MySQL as a platform free and open source blogging software and content management system, recently in github...

SugarCRM 6.5.23 - REST PHP Object Injection Exploit (Metasploit)

Exploit for php platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SugarCRM REST Unserialize PHP Code Execution', 'Description' = %q This...

CVE-2015-2305

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a...

PHP 'openssl_encrypt()' Function Information Disclosure Vulnerability - Windows

PHP is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...