10 matches found
The vulnerability of the ftp_genlist function in the PHP programming language allows a hacker to execute arbitrary code.
The vulnerability of the ftp_genlist function ext/ftp/ftp.c in the PHP programming language is related to errors in number processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PHP ftp_genlist method Integer Overflow (CVE-2015-4022)
A code execution vulnerability exists in PHP's ftp_genlist method. The vulnerability is due to lack of integer overflow detection when calculating the size of the response to the FTP LIST command. A remote attacker can exploit the vulnerability by hosting an FTP server and sending crafted data to a...
PHP 'ftp_genlist()' function integer overflow vulnerability
PHP is a general-purpose scripting language. An integer overflow security vulnerability exists in the PHP 'ftp_genlist' function, which can be exploited by a remote attacker to submit a special request to execute arbitrary code in the context of an application...
CVE-2015-4643
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because ...
SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1018-1)
PHP 5.3 was updated to fix multiple security issues: bnc931776: pcntl_exec does not check path validity CVE-2015-4026 bnc931772: overflow in ftp_genlist resulting in heap overflow CVE-2015-4022 bnc931769: memory corruption in phar_parse_tarfile when entry filename starts with NULL CVE-2015-4021...
CVE-2015-4022
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow...
PHP 5.6.x < 5.6.9 Multiple Vulnerabilities
According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.9. It is, therefore, affected by multiple vulnerabilities: - Multiple unspecified flaws in pcrelib. CVE-2015-2325, CVE-2015-2326 - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could...
PHP 5.4.x < 5.4.41 Multiple Vulnerabilities
According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.41. It is, therefore, affected by multiple vulnerabilities: - Multiple unspecified flaws in pcrelib. CVE-2015-2325, CVE-2015-2326 - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could...
Internet Bug Bounty: Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow)
https://bugs.php.net/bug.php?id=69545...
Internet Bug Bounty: Integer overflow in ftp_genlist() resulting in heap overflow
https://bugs.php.net/bug.php?id=69545 Description: ------------ The ftp_genlist function of the ftp extension is prone to an integer overflow, which may result in remote code execution. ext/ftp/ftp.c:ftp_genlist... 1826 size = 0; 1827 lines = 0; 1828 lastch = 0; 1829 while rcvd = myrecvftp, data-fd...