
9 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m. | 14 views

Linux Distros Unpatched Vulnerability : CVE-2016-7125

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote...

CVSS 7.5 | AI score 8 | EPSS 0.00546
Exploits: 1 | References: 2

0day.today
added 2021/07/27 12:0 a.m. | 130 views

PHP 7.3.15-3 - (PHP_SESSION_UPLOAD_PROGRESS) Session Data Injection Exploit

Exploit Title: PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection Exploit Author: SiLvER | Faisal Alhadlaq Tested on: PHP Version is 7.3.15-3 This poc will abusing PHP_SESSION_UPLOAD_PROGRESS then will trigger race condition to get remote code execution, the script will return a revers...

AI score 0.4
Exploits: 0

Packet Storm
added 2021/07/27 12:0 a.m. | 276 views

PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection

Exploit Title: PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection Date: 26/7/2021 Exploit Author: SiLvER | Faisal Alhadlaq Tested on: PHP Version is 7.3.15-3 This poc will abusing PHP_SESSION_UPLOAD_PROGRESS then will trigger race condition to get remote code execution, the script will...

AI score 0.2
Exploits: 0

CloudLinux
added 2020/10/15 12:0 p.m. | 98 views

Fix of 227 CVE

Fix bug 69720: Null pointer dereference in phargetfpoffset - Fix bug 70728: Type Confusion Vulnerability in PHPtoXMLRPCworker - Fix bug 70661: Use After Free Vulnerability in WDDX Packet Deserialization - Fix bug 70741: Session WDDX Packet Deserialization Type Confusion Vulnerability - Fix bug...

CVSS 6.1 | AI score 10.2 | EPSS 0.89192
Exploits: 0 | References: 1

OSV
added 2016/09/28 9:32 a.m. | 24 views

SUSE-SU-2016:2408-1 Security update for php5

This update for php5 fixes the following security issues: CVE-2016-6128: Invalid color index not properly handled bsc987580 CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif bsc988032 CVE-2016-6292: Null pointer dereference in exifprocessusercomment...

CVSS 9.8 | AI score 8.7 | EPSS 0.74663
Exploits: 26 | References: 48

Tenable Nessus
added 2016/09/20 12:0 a.m. | 44 views

openSUSE Security Update : php5 (openSUSE-2016-1095)

This update for php5 fixes the following security issues : - CVE-2016-7124: Create an Unexpected Object and Don't Invoke wakeup in Deserialization - CVE-2016-7125: PHP Session Data Injection Vulnerability - CVE-2016-7126: selectcolors write out-of-bounds - CVE-2016-7127: imagegammacorrect allowed...

CVSS 9.8 | AI score 7.5 | EPSS 0.74663
Exploits: 10 | References: 20

OpenVAS
added 2016/09/12 12:0 a.m. | 55 views

PHP < 5.6.25, 7.x < 7.0.10 Multiple Vulnerabilities (Sep 2016) - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

CVSS 9.8 | AI score 8.6 | EPSS 0.74663
Exploits: 10 | References: 8

CVE
added 2005/06/21 4:0 a.m. | 45 views

CVE-2001-1505

The CVE-2001-1505 entry covers tinc versions 1.0pre3 and 1.0pre4, where remote attackers can inject data into user sessions by sniffing and replaying packets. Affected component: tinc (specific versions cited). Underlying issue: packet sniffing/replay enables session data modification (integrity ...

CVSS 5 | AI score 6.7 | EPSS 0.0038
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2002/12/31 5:0 a.m. | 3 views

CVE-2002-1746

Vtun 2.5b1 allows remote attackers to inject data into user sessions by sniffing and replaying packets...

AI score 7
Exploits: 0 | References: 2