106 matches found
Internet Bug Bounty: Integer underflow / arbitrary null write in fread/gzread
https://bugs.php.net/bug.php?id=72114 Integer underflow in the fread/gzread length parameter allows to write an arbitrary null byte on 64 bit platforms. This was identified with the help of ASAN and a custom fuzzer. gdb run gzread2.php Starting program: /home/operac/php/php-56/sapi/cli/php...
CVE-2015-8878
main/phpopentemporaryfile.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service race condition and heap memory corruption by leveraging an application that performs many temporary-file accesses...
Code injection
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the pharanalyzepath function in ext/phar/phar.c...
CVE-2015-6835
CVE-2015-6835 affects PHP session deserialization. The session deserializer mishandles multiple php_var_unserialize calls, allowing use-after-free via crafted session data and enabling remote code execution or DoS. Affected: PHP 5.4.45 and 5.5.x before 5.5.29, 5.6.x before 5.6.13. Mitigation: upg...
Internet Bug Bounty: xml_parse_into_struct segmentation fault
https://bugs.php.net/bug.php?id=72099 Invalid memory access while parsing XML input using xmlparseintostruct, parser-level wasn't being checked and then used as an offset parser-ltagsparser-level-1. Reported to developers on 2016-04-25, fixed 2016-04-25 and released at 2016-04-28, affected PHP 5....
Internet Bug Bounty: Out-of-bounds reads in zif_grapheme_stripos with negative offset
https://bugs.php.net/bug.php?id=72061 graphemestripos from the intl extension had a security issue when handling negative offsets, this allowed to read from arbitrary memory locations. Reported to developers on 2016-04-24, fixed 2016-04-29 and released at 2016-04-28, affected PHP 5.5 , 5.6 and 7...
Code injection
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation...
CVE-2016-3171
Removed by vendor...
PHP 5.6.x < 5.6.19 Denial of Service
Binary data 9175.prm...
PHP 5.6.x < 5.6.20 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.20. It is, therefore, affected by multiple vulnerabilities : - A buffer over-write condition exists in the finfoopen function due to improper validation of magic files. An unauthenticated, remote...
PHP 5.6.x < 5.6.18 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.18. It is, therefore, affected by multiple vulnerabilities : - The Perl-Compatible Regular Expressions PCRE library is affected by multiple vulnerabilities related to the handling of regular...
PHP 5.6.x < 5.6.13 Use-After-Free Vulnerability
Binary data 9066.prm...
[SECURITY] [DSA 3380-1] php5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3380-1 [email protected] https://www.debian.org/security/ Florian Weimer October 27, 2015 https://www.debian.org/security/faq -...
PHP 5.6.x < 5.6.13 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.13. It is, therefore, affected by multiple vulnerabilities : - A directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/phpzip.c could allow a remote attacker to create...
PHP 5.45.55.6 - SplDoublyLinkedList Unserialize() Use-After-Free
PHP 5.45.55.6 - SplDoublyLinkedList Unserialize Use-After-Free Yet Another Use After Free Vulnerability in unserialize with SplDoublyLinkedList Taoguang Chen - Write Date: 2015.8.27 Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with SplDoublyLinkedList object...
PHP unserialize() Use-After-Free Vulnerabilities
Exploit for php platform in category dos / poc Use After Free Vulnerabilities in unserialize Taoguang Chen Write Date: 2015.7.31 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory...
PHP Session Deserializer - Use-After-Free
PHP Session Deserializer - Use-After-Free Use After Free Vulnerabilities in Session Deserializer Taoguang Chen Write Date: 2015.8.9 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in session deserializer php/phpbinary/phpserialize that can be abused for leaking...
PHP SplObjectStorage unserialize() Use-After-Free Vulnerabilities
Exploit for php platform in category dos / poc Yet Another Use After Free Vulnerability in unserialize with SplObjectStorage Taoguang Chen Write Date: 2015.8.27 Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with SplObjectStorage object's deserialization and...
PHP 5.4/5.5/5.6 - 'Unserialize()' Use-After-Free
Use After Free Vulnerabilities in unserialize Taoguang Chen Write Date: 2015.7.31 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely. Affect...
PHP GMP - 'unserialize()' Use-After-Free
Use After Free Vulnerability in unserialize with GMP Taoguang Chen Write Date: 2015.8.17 Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with GMP object's deserialization that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely...