Lucene search

16 matches found

Tenable Nessus
added 2019/01/09 12:0 a.m., 49 views

PHP 5.6.x < 5.6.18 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.18. It is, therefore, affected by multiple vulnerabilities: - The Perl-Compatible Regular Expressions (PCRE) library is affected by multiple vulnerabilities related to the handling of regular...

CVSS 10, AI score 9.2, EPSS 0.10282
Exploits 3, References 11
Tenable Nessus
added 2016/09/22 12:0 a.m., 260 views

PHP 7.0.x < 7.0.11 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.11. It is, therefore, affected by multiple vulnerabilities: - A heap buffer overflow condition exists in the php_mysqlnd_rowp_read_text_protocol_aux function within file ext/mysqlnd/mysqlnd_wireprotocol....

CVSS 9.8, AI score 8.3, EPSS 0.0384
Exploits 6, References 7
Hacker One
added 2016/09/13 4:9 a.m., 26 views

Internet Bug Bounty: Out of bound when verify signature of tar phar in phar_parse_tarfile

https://bugs.php.net/bug.php?id=73035 There was a security code in phar_parse_tarfile: if (FAILURE == phar_verify_signature(fp, php_stream_tell(fp) - size - 512, myphar->sig_flags, buf + 8, size - 8, fname, &myphar->signature, &myphar->sig_len, error)) { if (error) { char *save = *error; spprintf(error, 4096, "phar error:...

AI score 7
Exploits 0
OpenVAS
added 2016/05/09 12:0 a.m., 50 views

Amazon Linux: Security Advisory (ALAS-2016-685)

The remote host is missing an update for the...

CVSS 10, AI score 7.6, EPSS 0.10282
Exploits 1, References 2
Tenable Nessus
added 2016/02/11 12:0 a.m., 121 views

PHP 7.0.x < 7.0.3 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.3. It is, therefore, affected by multiple vulnerabilities: - The Perl-Compatible Regular Expressions (PCRE) library is affected by multiple vulnerabilities related to the handling of regular...

CVSS 10, AI score 8.9, EPSS 0.10282
Exploits 4, References 12
Check Point Advisories
added 2015/07/20 12:0 a.m., 4 views

PHP phar_parse_tarfile method Integer Overflow (CVE-2015-4021)

An integer overflow vulnerability exists in PHP. The vulnerability is due to an issue with the parsing of TAR files by phar_parse_tarfile. A remote attacker can exploit the vulnerability by sending crafted data to a web application running a vulnerable version of PHP. Successful exploitation could...

CVSS 5, AI score 4.1, EPSS 0.26929
Exploits 1
RedHat Linux
added 2015/06/23 8:11 a.m., 2 views

php: memory corruption in phar_parse_tarfile caused by empty entry file name

An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...

CVSS 5, AI score 7.5, EPSS 0.26929
Exploits 1, References 4
Tenable Nessus
added 2015/06/18 12:0 a.m., 38 views

PHP 5.4.x < 5.4.41 / 5.5.x < 5.5.25 Multiple Vulnerabilities

CVSS 7.5, AI score 8.2, EPSS 0.69613
Exploits 4, References 8
OpenVAS
added 2015/06/16 12:0 a.m., 53 views

PHP < 5.4.41, 5.5.x < 5.5.25, 5.6.x < 5.6.9 Multiple Vulnerabilities - Windows

PHP is prone to multiple vulnerabilities...

CVSS 7.5, AI score 9.6, EPSS 0.69613
Exploits 5, References 8
Tenable Nessus
added 2015/06/10 12:0 a.m., 63 views

SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1018-1)

PHP 5.3 was updated to fix multiple security issues: bnc931776: pcntl_exec does not check path validity (CVE-2015-4026); bnc931772: overflow in ftp_genlist resulting in heap overflow (CVE-2015-4022); bnc931769: memory corruption in phar_parse_tarfile when entry filename starts with NULL (CVE-2015-4021)...

CVSS 7.5, AI score 7.4, EPSS 0.69613
Exploits 16, References 36
NVD
added 2015/06/09 6:59 p.m., 18 views

CVE-2015-4021

The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory...

CVSS 5, AI score 8, EPSS 0.26929
Exploits 1, References 18
UbuntuCve
added 2015/06/09 12:0 a.m., 34 views

CVE-2015-4021

The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory...

CVSS 5, AI score 7.1, EPSS 0.26929
Exploits 1, References 4
Tenable Nessus
added 2015/05/18 12:0 a.m., 107 views

PHP 5.6.x < 5.6.9 Multiple Vulnerabilities

According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.9. It is, therefore, affected by multiple vulnerabilities: - Multiple unspecified flaws in pcrelib. (CVE-2015-2325, CVE-2015-2326) - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could...

CVSS 7.8, AI score 8.4, EPSS 0.69613
Exploits 8, References 9
Tenable Nessus
added 2015/05/18 12:0 a.m., 125 views

PHP 5.4.x < 5.4.41 Multiple Vulnerabilities

According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.41. It is, therefore, affected by multiple vulnerabilities: - Multiple unspecified flaws in pcrelib. (CVE-2015-2325, CVE-2015-2326) - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could...

CVSS 7.8, AI score 8.4, EPSS 0.69613
Exploits 8, References 9
Hacker One
added 2015/04/15 12:0 a.m., 57 views

Internet Bug Bounty: Memory Corruption in phar_parse_tarfile when entry filename starts with null

https://bugs.php.net/bug.php?id=69453...

CVSS 5, AI score 8, EPSS 0.26929
Exploits 1
Exploit DB
added 2011/04/22 12:0 a.m., 85 views

PHP 'phar' Extension 1.1.1 - Heap Overflow

from: http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html version PHP: 5.3.6 version phar ext.: 1.1.1 site: http://php.net/ source code: http://windows.php.net/downloads/releases/php-5.3.6-src.zip An integer overflow vulnerability leading to a heap overflow in the file...

AI score 7.4
Exploits 0