4 matches found
GHSA-X7G2-WRRP-R6H3 Use of a Broken or Risky Cryptographic Algorithm
Description: The function mt_rand is used to generate session tokens. This function is cryptographically flawed because its output is only pseudorandom; an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are...
PHP 7.1.0 / 5.6.29 missing null byte checks for paths in ZipArchive::extractTo Vulnerability
Exploit for php platform in category dos / poc. Description: ZipArchive::extractTo doesn't ensure that pathnames lack a NULL byte, which might allow an attacker to manipulate the directory path. Affected method: static ZIPARCHIVE_METHOD(extractTo)...
PHP 7.1.0 and prior open_basedir bypass through glob wrapper Vulnerability
Exploit for php platform in category local exploits. ./php -v: PHP 7.1.0 (cli) (built: Dec 23 2016 16:08:30) ( NTS DEBUG ) Copyright (c) 1997-2016 The PHP Group Zend Engine v3.1.0-dev, Copyright (c) 1998-2016 Zend Technologies. Test script: <?php if ($dh = opendir($argv[1])) { while (($file = readdir($dh)) !=...
Internet Bug Bounty: An integer overflow bug in php_str_to_str_ex() led arbitrary code execution.
Description: An integer overflow vulnerability exists in PHP-7.1.0 due to a missing check of size before calling zend_string_alloc in ext/standard/string.c:3234. Code: new_str = zend_string_alloc(count * (str_len - needle_len) + ZSTR_LEN(haystack), 0); All variables including str_len, needle_len,...