CVE-2018-20783

In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to pharparsepharfile in...

Internet Bug Bounty: Null Pointer Dereference in phar_create_or_parse_filename

The original report is here https://bugs.php.net/bug.php?id=77396 Description: ------------ Please use these poc file: https://drive.google.com/file/d/1bzw-j4FtV7PEf6SW2GYmDVKtMybmbKnl/view?usp=sharing Test script: --------------- USEZENDALLOC=0 ../../php-7.1.25/sapi/cli/php -r '$phar=new...

Live Call Support 1.5 Code Execution / SQL Injection

Exploit Title: Live Call Support 1.5 - Remote Code Execution / SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://ranksol.com/ Software Link: https://codecanyon.net/item/live-call-support-widget-software-online-calling-web-application/22532799 Version: 1...