Lucene search
K

106 matches found

Amazon
Amazon
added 2015/02/11 12:0 a.m.70 views

Medium: php54

Issue Overview: sapi/cgi/cgimain.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a character and lacks a newlin...

7.5CVSS8.8AI score0.53166EPSS
Exploits12
Hacker One
Hacker One
added 2015/02/03 12:0 a.m.178 views

Internet Bug Bounty: Use After Free Vulnerability in unserialize()

Use After Free Vulnerability in unserialize Taoguang Chen - Write Date: 2015.2.3 - Release Date: 2015.3.20 A use-after-free vulnerability was discovered in unserialize with a specially defined object's wakeup magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary...

7.5CVSS8.5AI score0.12303EPSS
Exploits5
Hacker One
Hacker One
added 2015/01/29 12:0 a.m.36 views

Internet Bug Bounty: Use after free vulnerability in unserialize() with DateTimeZone

A use-after-free vulnerability was discovered in unserialize with DateTime/DateTimeZone/DateInterval/DatePeriod objects's wakeup magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely. Affected Versions ------------ Affected is PHP 5.6 5.6.6 Affecte...

8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/01/02 12:0 a.m.542 views

PHP 5.6.x < 5.6.4 'process_nested_data' RCE

According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.4. It is, therefore, affected by a use-after-free error in the 'processnesteddata' function within 'ext/standard/varunserializer.re' due to improper handling of duplicate keys within the serialized...

7.5CVSS7.6AI score0.53166EPSS
Exploits8References4
NVD
NVD
added 2014/10/29 10:55 a.m.34 views

CVE-2014-3669

Integer overflow in the objectcustom function in ext/standard/varunserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via an argument to the unserialize function...

7.5CVSS8AI score0.28862EPSS
Exploits1References26
UbuntuCve
UbuntuCve
added 2014/10/29 12:0 a.m.36 views

CVE-2014-3668

Buffer overflow in the datefromISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service application crash via 1 a crafted first argument to t...

5CVSS7.3AI score0.27018EPSS
Exploits1References2
Rows per page
Query Builder