89 matches found

Hacker One
added 2020/02/18 11:07 a.m. | 63 views

Internet Bug Bounty: Null Pointer Dereference in PHP Session Upload Progress

Affected Versions ------------ Affected is all of PHP5.4/5.5/5.6 Affected is all of PHP7 Credits ------------ This vulnerability was disclosed by Taoguang Chen. Description ------------ session.c static int phpsessionrfc1867callbackunsigned int event, void eventdata, void extra / / ... switcheven...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2019/03/04 12:00 a.m. | 86 views

PHP 5.4.x < 5.4.0 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.0, and, therefore, potentially affected by multiple vulnerabilities : - crypt_blowfish as used in PHP does not properly handle 8-bit characters, which makes it easier for context-dependent attackers ...

CVSS: 5 | AI score: 7 | EPSS: 0.07072
Exploits: 13 | References: 6

Kitploit
added 2017/11/07 9:18 p.m. | 20 views

pcc - PHP Secure Configuration Checker

Check current PHP configuration for potential security flaws. Simply access this file from your webserver or run on CLI. Author This software was written by Ben Fuhrmannek, SektionEins GmbH, in an effort to automate php.ini checks and spend more time on cheerful tasks. Idea one single file for ea...

AI score: 7.3
Exploits: 0 | References: 1

Prion
added 2016/07/12 7:59 p.m. | 28 views

Code injection

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite aka Invision Power Board, IPB, or Power Board before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter...

CVSS: 6.8 | AI score: 8.2 | EPSS: 0.19825
Exploits: 7 | References: 8 | Affected Software: 2

CVE
added 2016/05/16 10:00 a.m. | 301 views

CVE-2015-6835

CVE-2015-6835 affects PHP session deserialization. The session deserializer mishandles multiple php_var_unserialize calls, allowing use-after-free via crafted session data and enabling remote code execution or DoS. Affected: PHP 5.4.45 and 5.5.x before 5.5.29, 5.6.x before 5.6.13. Mitigation: upg...

CVSS: 9.8 | AI score: 8.5 | EPSS: 0.226
Exploits: 3 | References: 6 | Affected Software: 1

n0where
added 2015/12/21 6:54 p.m. | 76 views

Modern Vulnerable Web App: Hackazon

Hackazon is a free, vulnerable test site that is an online storefront built with the same technologies used in today’s rich client and mobile applications. Hackazon has an AJAX interface, strict workflows and RESTful API’s used by a companion mobile app providing uniquely-effective training and...

AI score: 7.5
Exploits: 0 | References: 2

0day.today
added 2015/09/09 12:00 a.m. | 14 views

PHP SplObjectStorage unserialize() Use-After-Free Vulnerabilities

Exploit for php platform in category dos / poc Yet Another Use After Free Vulnerability in unserialize with SplObjectStorage Taoguang Chen Write Date: 2015.8.27 Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with SplObjectStorage object's deserialization and...

AI score: 7
Exploits: 0

exploitpack
added 2015/09/09 12:00 a.m. | 21 views

PHP Session Deserializer - Use-After-Free

PHP Session Deserializer - Use-After-Free Use After Free Vulnerabilities in Session Deserializer Taoguang Chen Write Date: 2015.8.9 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in session deserializer php/php_binary/php_serialize that can be abused for leaking...

AI score: 0.3
Exploits: 0

exploitpack
added 2015/09/09 12:00 a.m. | 14 views

PHP 5.4/5.5/5.6 - Unserialize() Use-After-Free

PHP 5.4/5.5/5.6 - Unserialize Use-After-Free Use After Free Vulnerabilities in unserialize Taoguang Chen Write Date: 2015.7.31 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory blocks...

AI score: 0.1
Exploits: 0

Exploit DB
added 2015/09/09 12:00 a.m. | 26 views

PHP 5.4/5.5/5.6 - 'Unserialize()' Use-After-Free

Use After Free Vulnerabilities in unserialize Taoguang Chen Write Date: 2015.7.31 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely. Affect...

AI score: 7.4
Exploits: 0

0day.today
added 2015/09/09 12:00 a.m. | 15 views

PHP unserialize() Use-After-Free Vulnerabilities

Exploit for php platform in category dos / poc Use After Free Vulnerabilities in unserialize Taoguang Chen Write Date: 2015.7.31 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory...

AI score: 7
Exploits: 0

OpenVAS
added 2015/09/08 12:00 a.m. | 43 views

Amazon Linux: Security Advisory (ALAS-2014-415)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 6.5 | AI score: 8 | EPSS: 0.30214
Exploits: 5 | References: 2

Tenable Nessus
added 2015/09/08 12:00 a.m. | 24 views

Fedora 23 : drupal6-ctools-1.14-1.fc23 (2015-14329)

See Ctools - Critical - Multiple Vulnerabilities - SA-CONTRIB-2015-141. This is an incremental security and bugfix release for ctools. Looking to fix future D6 CTools issues? Find japerry or merlinofchaos in drupal-scotch, drupal-contribute, or drupal-panels -- and become a maintainer for D6...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.0082
Exploits: 0 | References: 5

Packet Storm
added 2015/09/07 12:00 a.m. | 28 views

PHP 5.6 / 5.5 / 5.4 Session Deserialized Use-After-Free

Use After Free Vulnerabilities in Session Deserializer Taoguang Chen - Write Date: 2015.8.9 - Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in session deserializer php/php_binary/php_serialize that can be abused for leaking arbitrary memory blocks or execute arbitra...

AI score: 0.3
Exploits: 0

Packet Storm
added 2015/09/07 12:00 a.m. | 26 views

PHP 5.6 / 5.5 / 5.4 unserialize() Use-After-Free

Use After Free Vulnerabilities in unserialize Taoguang Chen - Write Date: 2015.7.31 - Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely...

AI score: 0.1
Exploits: 0

Packet Storm
added 2015/09/07 12:00 a.m. | 25 views

PHP 5.6 / 5.5 / 5.4 SplObjectStorage unserialize() Use-After-Free

Yet Another Use After Free Vulnerability in unserialize with SplObjectStorage Taoguang Chen - Write Date: 2015.8.27 - Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with SplObjectStorage object's deserialization and crafted object's wakeup magic method that ca...

Exploits: 0

Tenable Nessus
added 2015/08/11 12:00 a.m. | 72 views

PHP 5.4.x < 5.4.44 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.4.x prior to 5.4.44. It is, therefore, affected by multiple vulnerabilities: - Multiple use-after-free vulnerabilities exist in the SPL component, due to improper handling of a specially crafted serialized object. A...

CVSS: 7.5 | AI score: 8.9 | EPSS: 0.13368
Exploits: 0 | References: 5

0day.today
added 2015/08/10 12:00 a.m. | 27 views

PHP SplDoublyLinkedList Use-After-Free Exploit

A use-after-free vulnerability was discovered in unserialize with SplDoublyLinkedList object's deserialization that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely. Use After Free Vulnerability in unserialize with SplDoublyLinkedList Taoguang Chen - Write Date...

AI score: 8
Exploits: 0

securityvulns
added 2015/06/21 12:00 a.m. | 73 views

BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability

Exploit Title: BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability Date: 2015/06/16 Vendor Homepage: http://blackcat-cms.org/ Software Link: http://blackcat-cms.org/temp/packetyzer/blackcatcms2fo3PXdKj1.zip Version: v1.1.1 Tested on: Centos 6.5,PHP 5.4.41 Category: webapps Description...

Exploits: 0

Tenable Nessus
added 2015/05/18 12:00 a.m. | 125 views

PHP 5.4.x < 5.4.41 Multiple Vulnerabilities

According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.41. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws in pcrelib. CVE-2015-2325, CVE-2015-2326 - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could...

CVSS: 7.8 | AI score: 8.4 | EPSS: 0.69613
Exploits: 8 | References: 9