106 matches found
PHP 5.4/5.5/5.6 - 'Unserialize()' Use-After-Free
Use After Free Vulnerabilities in unserialize Taoguang Chen Write Date: 2015.7.31 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely. Affect...
PHP 5.6 / 5.5 / 5.4 SplOnjectStorage unserialize() Use-After-Free
Yet Another Use After Free Vulnerability in unserialize with SplObjectStorage Taoguang Chen - Write Date: 2015.8.27 - Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with SplObjectStorage object's deserialization and crafted object's wakeup magic method that ca...
PHP 5.6 / 5.5 / 5.4 Session Deserialized Use-After-Free
Use After Free Vulnerabilities in Session Deserializer Taoguang Chen - Write Date: 2015.8.9 - Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in session deserializer php/phpbinary/phpserialize that can be abused for leaking arbitrary memory blocks or execute arbitra...
PHP 5.6 / 5.5 / 5.4 unserialize() Use-After-Free
Use After Free Vulnerabilities in unserialize Taoguang Chen - Write Date: 2015.7.31 - Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely...
PHP SplDoublyLinkedList Use-After-Free Exploit
A use-after-free vulnerability was discovered in unserialize with SplDoublyLinkedList object's deserialization that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely. Use After Free Vulnerability in unserialize with SplDoublyLinkedList Taoguang Chen - Write Date...
PHP 5.6.x < 5.6.11 Multiple Vulnerabilities (BACKRONYM)
According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.11. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability, known as 'BACKRONYM', exists due to a failure to properly enforce the requirement of an SSL/TL...
PHP 5.5.x < 5.5.26 / 5.6.x < 5.6.10 Multiple Vulnerabilities
Binary data 8787.prm...
PHP 5.6.x < 5.6.9 Multiple Vulnerabilities
According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.9. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws in pcrelib. CVE-2015-2325, CVE-2015-2326 - A flaw in the pharparsetarfile function in ext/phar/tar.c could...
PHP Exception Type Confusion / Heap Overflow
Type Confusion Infoleak and Heap Overflow Vulnerability in unserialize with exception Taoguang Chen - Write Date: 2015.3.3 - Release Date: 2015.4.28 A type confusion vulnerability was discovered in exception object's toString/getTraceAsString method that can be abused for leaking arbitrary memory...
PHP SoapFault Type Confusion
Type Confusion Infoleak Vulnerability in unserialize with SoapFault Taoguang Chen - Write Date: 2015.3.1 - Release Date: 2015.4.28 A type confusion vulnerability was discovered in unserialize with SoapFault object's toString magic method that can be abused for leaking arbitrary memory blocks...
PHP arbitrary file upload Vulnerability, CVE-2 0 1 5-2 3 4 8 analysis and use-vulnerability and early warning-the black bar safety net
Today, security researchers released a medium-risk vulnerabilities--PHP arbitrary file upload Vulnerability, CVE-2 0 1 5-2 3 4 8 in. Typically, the php developer will be the file name suffix, file typeContent-Type, Mime type, file size, etc. to be checked to limit the malicious php script is...
CVE-2014-9653
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service uninitialized memor...
PHP 5.6.x < 5.6.7 Multiple Vulnerabilities
According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.7. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists related to function 'unserialize', which can allow a remote attacker to execute arbitrary code. Note that this...
PHP unserialize() Use-After-Free
Use After Free Vulnerability in unserialize Taoguang Chen - Write Date: 2015.2.3 - Release Date: 2015.3.20 A use-after-free vulnerability was discovered in unserialize with a specially defined object's wakeup magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary...
Internet Bug Bounty: ZIP Integer Overflow leads to writing past heap boundary
https://bugs.php.net/bug.php?id=69253 Integer overflow in the zipcdirnew function in zipdirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service...
CVE-2015-2301
Use-after-free vulnerability in the pharrenamearchive function in pharobject.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of...
Internet Bug Bounty: Use after free vulnerability in unserialize() with DateInterval
Use After Free Vulnerability in unserialize with DateInterval Taoguang Chen - Write Date: 2015.2.28 - Release Date: 2015.3.20 A use-after-free vulnerability was discovered in unserialize with DateInterval object's wakeup magic method that can be abused for leaking arbitrary memory blocks or execu...
PHP 5.6.x < 5.6.6 Multiple Vulnerabilities (GHOST)
According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.6. It is, therefore, affected by multiple vulnerabilities : - A heap-based buffer overflow flaw in the enchantbrokerrequestdict function in ext/enchant/enchant.c could allow a remote attacker to cause a...
PHP DateTime - Use-After-Free
Use After Free Vulnerability in unserialize with DateTime CVE-2015-0273 Taoguang Chen - Write Date: 2015.1.29 - Release Date: 2015.2.20 A use-after-free vulnerability was discovered in unserialize with DateTime/DateTimeZone/DateInterval/DatePeriod objects's wakeup magic method that can be abused...
PHP DateTimeZone Type Confusion Infoleak
Type Confusion Infoleak Vulnerability in unserialize with DateTimeZone Taoguang Chen - Write Date: 2015.1.29 - Release Date: 2015.2.20 A Type Confusion Vulnerability was discovered in unserialize with DateTimeZone object's wakeup magic method that can be abused for leaking arbitrary memory blocks...