php: integer overflow in ftp_genlist() resulting in heap overflow (improved fix for CVE-2015-4022)

Integer overflow in the ftpgenlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because ...

php: SoapClient's do_soap_call() type confusion after unserialize()

A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

php: use after free vulnerability in unserialize() with DateTimeZone

A use-after-free flaw was found in the unserialize function of PHP's DateTimeZone implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory...

php: heap buffer overflow in enchant_broker_request_dict()

A heap buffer overflow flaw was found in the enchantbrokerrequestdict function of PHP's enchant extension. A specially crafted tag input could possibly cause a PHP application to crash...

php: regressions in 5.4+

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

php: pcntl_exec() accepts paths with NUL character

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

php: buffer over-read in Phar metadata parsing

A buffer over-read flaw was found in PHP's phar PHP Archive paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory...

php: SoapClient's __call() type confusion through unserialize()

A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

php: Incomplete Class unserialization type confusion

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

php: regressions in 5.4+

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

PHP Null Pointer Reference Limit Bypass Vulnerability

PHP is a general-purpose scripting language. A security vulnerability exists in PHP due to a missing path in multiple extensions of the program or a null byte check in the path parameter of certain functions, which allows remote attackers to bypass target file system access restrictions and acces...

Multiple Memory Corruption Vulnerabilities in PHP SOAP Access

PHP is a general-purpose scripting language. A security vulnerability in the unserialize function used in PHP's multiple SOAP accesses allows remote attackers to exploit the vulnerability by submitting a special request to obtain PHP application memory information or crash...

PHP OS Command Injection Vulnerability

PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. PHP suffers from an OS command injection vulnerability in its implementation, which can be exploited by an attacker to execute arbitrary OS commands in the...

ApPHP Hotel Site 3.x.x SQL Injection

ApPHP Hotel site SQLi Vulnerability ApPHP Hotel Site is an Hotel application programs using PHP Language. title : ApPHP Hotel Site v.3.x.x. godork : ".php?pid=" "ApPHP Hotel Site" Affected version : v.3.x.x tested site : http://www.hotelbran.com/index.php?pid=%27null python sqlmap.py -u...

php: type confusion issue in unserialize() with various SOAP methods

Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to disclose portion of its memory or crash...

php: invalid pointer free() in phar_tar_process_metadata()

An invalid free flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...

php: exception:: getTraceAsString type confusion issue after unserialize

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

PHP '__toString()' Function Type Obfuscation Information Disclosure Vulnerability

PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. PHP suffers from a type confusion vulnerability in the 'toString' function. An attacker can exploit this vulnerability to obtain vulnerability information...

UBUNTU-CVE-2015-3330

The phphandler function in sapi/apache2handler/sapiapache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via pipelined HTTP...

Wolf CMS 0.8.2 Shell Upload

,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit Title : Wolf CMS Arbitrary File Upload Exploit Date : 16 April...