Linear eMerge E3 Access Controller Command Injection

Nortek Linear eMerge E3 Unauthenticated Remote Root Code Execution Metasploit by Gjoko 'LiquidWorm' Krstic Affected version: 'Linear eMerge E3 Access Controller Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the Linear eMerge E3 Access Controller...

CVE-2016-5766

Integer overflow in the gd2GetHeader function in gdgd2.c in the GD Graphics Library aka libgd before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly ha...

PHP 7.0.8 / 5.6.23 / 5.5.37 - bzread() Out-of-Bounds Write

Exploit for php platform in category dos / poc ''' PHP 7.0.8, 5.6.23 and 5.5.37 does not perform adequate error handling in its bzread' function: php-7.0.8/ext/bz2/bz2.c ,---- | 364 static PHPFUNCTIONbzread | 365 | ... | 382 ZSTRLENdata = phpstreamreadstream, ZSTRVALdata, ZSTRLENdata; | 383...

Fedora 23 : php (2016-34a6b65583)

23 Jun 2016, PHP 5.6.23 Core: - Fixed bug php72275 Integer Overflow in jsonencode/jsondecode/jsonutf8toutf16. Stas - Fixed bug php72400 Integer Overflow in addcslashes/addslashes. Stas - Fixed bug php72403 Integer Overflow in Length of String-typed ZVAL. Stas GD: - Fixed bug php72298 pass2nodithe...

Fedora 22 : php (2016-99fbdc5c34)

23 Jun 2016, PHP 5.6.23 Core: - Fixed bug php72275 Integer Overflow in jsonencode/jsondecode/jsonutf8toutf16. Stas - Fixed bug php72400 Integer Overflow in addcslashes/addslashes. Stas - Fixed bug php72403 Integer Overflow in Length of String-typed ZVAL. Stas GD: - Fixed bug php72298 pass2nodithe...

Debian DSA-3618-1 : php5 - security update

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.23, which includes additional bug fixes. Please refer to the upstream changelog for mor...

[SECURITY] Fedora 24 Update: php-5.6.23-1.fc24

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVE-2016-5769

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted length value,...

Internet Bug Bounty: NULL Pointer Dereference at _gdScaleVert

Upstream bug reports https://bugs.php.net/bug.php?id=72407 Reported to PHP 2016-06-15 Patch: http://git.php.net/?p=php-src.git;a=commit;h=b9ec171e7d25879d97473ca50197c4207420c276 Fixed for PHP 5.5.37 security only mode http://php.net/ChangeLog-5.php5.5.37 Fixed for PHP 5.6.23...

Internet Bug Bounty: CVE-2015-8874 Stack overflow with imagefilltoborder

Reported in 2014 https://bugs.php.net/bug.php?id=66387 A variation was rediscovered this year and reported to PHP and LIBGD: https://bugs.php.net/bug.php?id=72350 https://github.com/libgd/libgd/issues/215 Patches for both issues:...