95 matches found
PHP 7.2.x < 7.2.16 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.27 or 7.2.x prior to 7.2.16 or 7.3.x prior to 7.3.3. It is, therefore, affected by multiple vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the...
PHP 7.1.x < 7.1.26 Multiple vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.40, 7.1.x prior to 7.1.26, 7.2.x prior to 7.2.14 or 7.3.x prior to 7.3.1. It is, therefore, affected by multiple vulnerabilities: - An integer underflow condition exists in gdContributionsAlloc...
PHP 5.6.x < 5.6.40 Multiple vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.40, 7.1.x prior to 7.1.26, 7.2.x prior to 7.2.14 or 7.3.x prior to 7.3.1. It is, therefore, affected by multiple vulnerabilities: - An integer underflow condition exists in gdContributionsAlloc...
PHP 7.2 - imagecolormatch() Out of Band Heap Write
PHP 7.2 - imagecolormatch Out of Band Heap Write &c= Example: GET/POST /exploit.php?f=0x7fe83d1bb480&c=id++/dev/shm/titi Target: PHP 7.2.x Tested on: PHP 7.2.12 / buf = unsigned long safeemallocsizeofunsigned long, 5 im2-colorsTotal, 0; for x=0; xsx; x++ for y=0; ysy; y++ color = im2-pixelsyx; rg...
PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write
&c= Example: GET/POST /exploit.php?f=0x7fe83d1bb480&c=id++/dev/shm/titi Target: PHP 7.2.x Tested on: PHP 7.2.12 / buf = unsigned long safeemallocsizeofunsigned long, 5 im2-colorsTotal, 0; for x=0; xsx; x++ for y=0; ysy; y++ color = im2-pixelsyx; rgb = im1-tpixelsyx; bp = buf + color 5; bp++++; bp...
PDF Signer 3.0 Template Injection / CSRF / Code Execution
Exploit Title: PDF Signer v3.0 - SSTI to RCE via CSRF Cookie Dork: N/A Date: 2019-01-28 Exploit Author: dd [email protected] Vendor Homepage: https://codecanyon.net/user/simcycreative Software Link:...
ResourceSpace 8.6 - 'collection_edit.php' SQL Injection
Exploit Title: ResourceSpace &redirect=yes&ref=3620&submitted=true&name=PWNED&keywords=©=&save=%C2%A0%C2%A0Save%C2%A0%C2%A0'...
PHP 7.2.x < 7.2.4 Dumpable FPM Child Processes
According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.4. It is, therefore, affected by opcache access controls bypass via dumpable FPM child processes. Note that the scanner has not tested for these issues but has instead relied only on the application...
PHP 7.2.x < 7.2.3 Stack Buffer Overflow
According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.3. It is, therefore, affected by a stack buffer overflow vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
Fedora 28 : roundcubemail (2018-c279b3696f)
Upstream announcement : Version 1.3.6 This is a security update to the stable version 1.3. It primarily fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under...
Fedora 28 : wordpress (2018-2ef9089e89)
WordPress 4.9.5 Security and Maintenance Release WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.4 and earlier are affected by three security issue...
Fedora 28 : php-Smarty2 (2018-2d2739ebed)
2017-11-03 - replace functions deprecated in PHP 7.2 2016-09-11 Uwe Tews - math fix parameter checking order to avoid misleading message - math replace wrong versiom 2016-07-19 Uwe Tews - math shell injection vulnerability patch provided by Tim Weber 2015-12-30 Uwe Tews - fixed plugin filepath...
Fedora 29 : php-Smarty2 (2018-7adf863a47)
2017-11-03 - replace functions deprecated in PHP 7.2 2016-09-11 Uwe Tews - math fix parameter checking order to avoid misleading message - math replace wrong versiom 2016-07-19 Uwe Tews - math shell injection vulnerability patch provided by Tim Weber 2015-12-30 Uwe Tews - fixed plugin filepath...
Amazon Linux AMI : php72 (ALAS-2018-1067)
exifprocessIFDinMAKERNOTE in ext/exif/exif.c in PHP 7.2.x before 7.2.8 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted JPEG file.CVE-2018-14851 exifreadfromimpl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a...
CVE-2018-14884
An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because httpheadervalue in ext/standard/httpfopenwrapper.c can be a NULL value that is mishandled in an atoi call...
CVE-2018-14851
exifprocessIFDinMAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted JPEG file...
Internet Bug Bounty: heap-buffer-overflow (READ of size 48) in exif_read_data()
exifreaddata in PHP 5.6.36, 7.1.x and 7.2.x is vulnerable to a heap buffer overflow when fed a specially crafted JPEG. Any online service that reads EXIF data from uploaded JPEGs is potentially vulnerable to this flaw. This has been fixed with the release of PHP 7.2.8 today. Other releases are...
CVE-2018-12882
exifreadfromimpl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free in exifreadfromfile because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exifreaddata function...
CVE-2018-12882
exifreadfromimpl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free in exifreadfromfile because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exifreaddata function...
Internet Bug Bounty: CVE-2018-12882: heap-use-after-free in PHP 7.2 through 7.2.6, possible 7.2.7
exifreaddata in PHP 7.2 through 7.2.6 and possibly 7.2.7 is vulnerable to a heap use after free when fed a specially crafted JPEG. Any online service that uses PHP 7.2 and reads EXIF data from uploaded JPEGs is potentially vulnerable to this flaw. USEZENDALLOC=0 ./php-e147eb2 -r...