136 matches found
CVE-2017-15582
In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries...
Code injection
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available...
CVE-2014-8686
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available...
CVE-2014-8686
CodeIgniter vulnerability CVE-2014-8686 (CodeIgniter before 2.2.0) allows attackers to decode and manipulate the ci_session cookie by falling back to a custom XOR-based scheme when the PHP Mcrypt extension is unavailable. Public references describe exploitation via extracting the encryption key, ...
CVE-2014-8686
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available...
Information Disclosure
mcrypt is vulnerable to information exposure. The vulnerability exists because the TLS, SSH, and IPSec protocols do not validate the birthday bound, which allows a remote attacker to access confidential information in the system...
USN-3045-1 PHP vulnerabilities | Cloud Foundry
USN-3045-1 PHP vulnerabilities. Medium. Vendor: PHP. Versions Affected: Cloud Foundry PHP buildpack versions prior to 4.3.18. Note: The PHP buildpack is patched from upstream PHP source. Description: It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker...
SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2013-1)
php53 was updated to fix five security issues. These security issues were fixed: - CVE-2016-5769: mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header with Internet Explorer (bsc#986004). - CVE-2016-5772: Double Free Corruption in wddx_deserialize (bsc#986244). -...
PHP 'ext/mcrypt/mcrypt.c' Heap Overflow Vulnerability
PHP is an open source general-purpose computer scripting language. A heap overflow vulnerability exists in PHP 'ext/mcrypt/mcrypt.c', which allows an attacker to exploit the vulnerability to execute arbitrary script code in the context of an affected application...
PHP '/ext/mcrypt/mcrypt.c' incomplete fix exists for multiple integer overflow vulnerabilities
PHP is an open source general-purpose computer scripting language. An incomplete fix for multiple integer overflow vulnerabilities exists in PHP '/ext/mcrypt/mcrypt.c'. It allows an attacker to execute arbitrary code within the context of an affected application...
CVE-2016-5769
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value,...
CVE-2016-5769
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value,...
Integer overflow
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value,...
CVE-2016-5769
CVE-2016-5769: In the PHP mcrypt extension (mcrypt.c), multiple integer overflows enable a crafted length value to cause a heap-based buffer overflow and crash or potentially other impact. Affected: PHP releases prior to 5.5.37, 5.6.x prior to 5.6.23, and 7.x prior to 7.0.8, with the vulnerabilit...
CVE-2016-5769
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value,...
Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)
A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. (CVE-2015-8874) An integer overflow, leading to a heap-based buffer overflow, was found in the imagecreatefromgd2 function of PHP's gd extension. A remote attacke...
Fedora 22 : php (2016-99fbdc5c34)
23 Jun 2016, PHP 5.6.23 Core: - Fixed bug php72275 Integer Overflow in json_encode/json_decode/json_utf8_to_utf16. Stas - Fixed bug php72400 Integer Overflow in addcslashes/addslashes. Stas - Fixed bug php72403 Integer Overflow in Length of String-typed ZVAL. Stas GD: - Fixed bug php72298 pass2nodithe...
Fedora 23 : php (2016-34a6b65583)
23 Jun 2016, PHP 5.6.23 Core: - Fixed bug php72275 Integer Overflow in json_encode/json_decode/json_utf8_to_utf16. Stas - Fixed bug php72400 Integer Overflow in addcslashes/addslashes. Stas - Fixed bug php72403 Integer Overflow in Length of String-typed ZVAL. Stas GD: - Fixed bug php72298 pass2nodithe...
CVE-2016-5769
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value,...
PHP 'mcrypt_generic' function integer overflow vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. An integer overflow vulnerability exists in PHP's mcrypt_generic function, which can be exploited by an attacker to cause a heap buffer overflow...