EUVD-2016-6704

Malware in sbrugna...

K21042398: PHP vulnerability CVE-2016-5769

Security Advisory Description Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impa...

SUSE CVE-2016-5769

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted length value,...

SUSE-RU-2019:0823-1 Optional update for php72

This update provides PHP 7.2 and subpackages to the SUSE Linux Enterprise 12 Web and Scripting Module. It is a replacement of the php7 packages, the packages do not co-exist. The mcrypt extensions was removed in PHP 7.2...

USN-3045-1 PHP vulnerabilities | Cloud Foundry

USN-3045-1 PHP vulnerabilities Medium Vendor PHP Versions Affected Cloud Foundry PHP buildpack versions prior to 4.3.18 Note: The PHP buildpack is patched from upstream PHP source Description It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker...

PHP 'ext/mcrypt/mcrypt.c' Heap Overflow Vulnerability

PHP is an open source general-purpose computer scripting language. A heap overflow vulnerability exists in PHP 'ext/mcrypt/mcrypt.c', which allows an attacker to exploit the vulnerability to execute arbitrary script code in the context of an affected application...

CVE-2016-5769

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted length value,...

Integer overflow

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted length value,...

CVE-2016-5769

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted length value,...

CVE-2016-5769

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted length value,...

CVE-2016-5769

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted length value,...

UBUNTU-CVE-2016-5769

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted length value,...

FreeBSD : codeigniter -- multiple vulnerabilities (f838dcb4-656f-11e5-9909-002590263bf5)

The CodeIgniter changelog reports : Security: The xorencode method in the Encrypt Class has been removed. The Encrypt Class now requires the Mcrypt extension to be installed. Security: The Session Library now uses HMAC authentication instead of a simple MD5 checksum. %NASLMINLEVEL 70300 C Tenable...

ESPCMS的最新版后台登入绕过

简要描述： 8.25 V6.4.15.08.25 捡漏 详细说明： 在加密算法那 ，一般情况下我们是不能再还原出key了。 他加了这么一段代码 function eccode$string, $operation = 'DECODE', $key = '@LFK24s224%@safS3s%1f%', $mcrype = true $result = null; if $operation == 'ENCODE' if extensionloaded'mcrypt' && $mcrype $result = $this-encryptCookie$string, $key; else...

codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports: Security: The xorencode method in the Encrypt Class has been removed. The Encrypt Class now requires the Mcrypt extension to be installed. Security: The Session Library now uses HMAC authentication instead of a simple MD5 checksum...

openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3978)

This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3979)

This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...