Lucene search
K

89 matches found

Packet Storm
Packet Storm
added 2015/04/29 12:0 a.m.32 views

PHP SoapFault Type Confusion

Type Confusion Infoleak Vulnerability in unserialize with SoapFault Taoguang Chen - Write Date: 2015.3.1 - Release Date: 2015.4.28 A type confusion vulnerability was discovered in unserialize with SoapFault object's toString magic method that can be abused for leaking arbitrary memory blocks...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2015/04/29 12:0 a.m.39 views

PHP Exception Type Confusion / Heap Overflow

Type Confusion Infoleak and Heap Overflow Vulnerability in unserialize with exception Taoguang Chen - Write Date: 2015.3.3 - Release Date: 2015.4.28 A type confusion vulnerability was discovered in exception object's toString/getTraceAsString method that can be abused for leaking arbitrary memory...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2015/04/24 1:53 p.m.135 views

Sptoolkit Rebirth - Phishing Education Toolkit

The spt rebirth project is an open source phishing education toolkit that aims to help in securing the mind as opposed to securing computers. Organizations spend billions of dollars annually in an effort to safeguard information systems, but spend little to nothing on the under trained and...

7.3AI score
Exploits0References1
myhack58
myhack58
added 2015/04/06 12:0 a.m.421 views

PHP arbitrary file upload Vulnerability, CVE-2 0 1 5-2 3 4 8 analysis and use-vulnerability and early warning-the black bar safety net

Today, security researchers released a medium-risk vulnerabilities--PHP arbitrary file upload Vulnerability, CVE-2 0 1 5-2 3 4 8 in. Typically, the php developer will be the file name suffix, file typeContent-Type, Mime type, file size, etc. to be checked to limit the malicious php script is...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/03/24 12:0 a.m.250 views

PHP 5.4.x < 5.4.39 Multiple Vulnerabilities

According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.39. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists related to function 'unserialize', which can allow a remote attacker to execute arbitrary code. Note that thi...

7.5CVSS7.8AI score0.42593EPSS
Exploits16References10
Packet Storm
Packet Storm
added 2015/03/22 12:0 a.m.26 views

PHP unserialize() Use-After-Free

Use After Free Vulnerability in unserialize Taoguang Chen - Write Date: 2015.2.3 - Release Date: 2015.3.20 A use-after-free vulnerability was discovered in unserialize with a specially defined object's wakeup magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2015/03/18 12:0 a.m.60 views

Internet Bug Bounty: ZIP Integer Overflow leads to writing past heap boundary

https://bugs.php.net/bug.php?id=69253 Integer overflow in the zipcdirnew function in zipdirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service...

7.5CVSS8.9AI score0.27869EPSS
Exploits1
Hacker One
Hacker One
added 2015/02/27 12:0 a.m.32 views

Internet Bug Bounty: Use after free vulnerability in unserialize() with DateInterval

Use After Free Vulnerability in unserialize with DateInterval Taoguang Chen - Write Date: 2015.2.28 - Release Date: 2015.3.20 A use-after-free vulnerability was discovered in unserialize with DateInterval object's wakeup magic method that can be abused for leaking arbitrary memory blocks or execu...

7.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/02/25 12:0 a.m.14 views

PHP 5.4.x < 5.4.35 / 5.5.x < 5.5.19 / 5.6.x < 5.6.3 Out-of-Bounds Read

Binary data 8908.prm...

5CVSS7.3AI score0.14013EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/02/25 12:0 a.m.17 views

PHP 5.4.x < 5.4.28 / 5.5.x < 5.5.12 Privilege Escalation

Binary data 9096.prm...

7.2CVSS7.3AI score0.00505EPSS
Exploits1References5
Exploit DB
Exploit DB
added 2015/02/23 12:0 a.m.286 views

PHP DateTime - Use-After-Free

Use After Free Vulnerability in unserialize with DateTime CVE-2015-0273 Taoguang Chen - Write Date: 2015.1.29 - Release Date: 2015.2.20 A use-after-free vulnerability was discovered in unserialize with DateTime/DateTimeZone/DateInterval/DatePeriod objects's wakeup magic method that can be abused...

7.5CVSS7.4AI score0.43146EPSS
Exploits9
Packet Storm
Packet Storm
added 2015/02/20 12:0 a.m.25 views

PHP DateTimeZone Type Confusion Infoleak

Type Confusion Infoleak Vulnerability in unserialize with DateTimeZone Taoguang Chen - Write Date: 2015.1.29 - Release Date: 2015.2.20 A Type Confusion Vulnerability was discovered in unserialize with DateTimeZone object's wakeup magic method that can be abused for leaking arbitrary memory blocks...

7.4AI score
Exploits0
Amazon
Amazon
added 2015/02/11 12:0 a.m.70 views

Medium: php54

Issue Overview: sapi/cgi/cgimain.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a character and lacks a newlin...

7.5CVSS8.8AI score0.53166EPSS
Exploits12
Hacker One
Hacker One
added 2015/02/03 12:0 a.m.178 views

Internet Bug Bounty: Use After Free Vulnerability in unserialize()

Use After Free Vulnerability in unserialize Taoguang Chen - Write Date: 2015.2.3 - Release Date: 2015.3.20 A use-after-free vulnerability was discovered in unserialize with a specially defined object's wakeup magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary...

7.5CVSS8.5AI score0.12303EPSS
Exploits5
Hacker One
Hacker One
added 2015/01/29 12:0 a.m.35 views

Internet Bug Bounty: Use after free vulnerability in unserialize() with DateTimeZone

A use-after-free vulnerability was discovered in unserialize with DateTime/DateTimeZone/DateInterval/DatePeriod objects's wakeup magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely. Affected Versions ------------ Affected is PHP 5.6 5.6.6 Affecte...

8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/01/29 12:0 a.m.128 views

PHP 5.4.x < 5.4.37 Multiple Vulnerabilities

According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.37. It is, therefore, affected by multiple vulnerabilities: - The CGI component has an out-of-bounds read flaw in file 'cgimain.c' when nmap is used to process an invalid file that begins with a hash...

7.5CVSS7.3AI score0.42593EPSS
Exploits7References8
Tenable Nessus
Tenable Nessus
added 2014/11/11 12:0 a.m.36 views

Fedora 19 : php-ZendFramework2-2.2.8-2.fc19 (2014-14043)

Security Fixes - ZF2014-05: Due to an issue that existed in PHP's LDAP extension, it is possible to perform an unauthenticated simple bind against a LDAP server by using a null byte for the password, regardless of whether or not the user normally requires a password. We have provided a patch in...

9.8CVSS8.6AI score0.0255EPSS
Exploits1References5
NVD
NVD
added 2014/10/29 10:55 a.m.33 views

CVE-2014-3669

Integer overflow in the objectcustom function in ext/standard/varunserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via an argument to the unserialize function...

7.5CVSS8AI score0.28862EPSS
Exploits1References26
UbuntuCve
UbuntuCve
added 2014/10/29 12:0 a.m.35 views

CVE-2014-3668

Buffer overflow in the datefromISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service application crash via 1 a crafted first argument to t...

5CVSS7.3AI score0.27018EPSS
Exploits1References2
Gentoo Linux
Gentoo Linux
added 2014/08/29 12:0 a.m.84 views

PHP: Multiple vulnerabilities

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact A...

7.5CVSS9.6AI score0.35635EPSS
Exploits19
Rows per page
Query Builder