Lucene search
K

43 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:59 a.m.2 views

SUSE CVE-2016-6290

ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...

9.8CVSS9.2AI score0.0548EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2016/11/15 11:40 a.m.14 views

php: Use after free in unserialize() with Unexpected Session Deserialization

ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...

9.8CVSS7.4AI score0.0548EPSS
Exploits0References4
OSV
OSV
added 2016/09/16 3:14 p.m.25 views

SUSE-SU-2016:2328-1 Security update for php53

This update for php53 fixes the following security issues: CVE-2014-3587: Integer overflow in the cdfreadpropertyinfo affecting SLES11 SP3 bsc987530 CVE-2016-6297: Stack-based buffer overflow vulnerability in phpstreamzipopener bsc991426 CVE-2016-6291: Out-of-bounds access in...

9.8CVSS8.6AI score0.20237EPSS
Exploits20References35
OSV
OSV
added 2016/07/26 9:59 p.m.24 views

MGASA-2016-0267 Updated php/xmlrpc-epi/timezone packages fix security vulnerability

Stack-based buffer overflow vulnerability in virtualfileex CVE-2016-6289. Use After Free in unserialize with Unexpected Session Deserialization CVE-2016-6290. Out of bound read in exifprocessIFDinMAKERNOTE CVE-2016-6291. NULL Pointer Dereference in exifprocessusercomment CVE-2016-6292...

9.8CVSS8.4AI score0.06271EPSS
Exploits7References8
NVD
NVD
added 2016/07/25 2:59 p.m.40 views

CVE-2016-6290

ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...

9.8CVSS8.4AI score0.0548EPSS
Exploits0References12
OSV
OSV
added 2016/07/25 2:59 p.m.21 views

CVE-2016-6290

ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...

9.8CVSS9.2AI score
Exploits0References12
Cvelist
Cvelist
added 2016/07/25 2:0 p.m.31 views

CVE-2016-6290

ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...

9.2AI score0.0548EPSS
Exploits0References12
EUVD
EUVD
added 2016/07/25 2:0 p.m.3 views

EUVD-2016-7220

ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...

9.8CVSS8.5AI score0.0548EPSS
Exploits0References17
CVE
CVE
added 2016/07/25 2:0 p.m.308 views

CVE-2016-6290

CVE-2016-6290 affects PHP versions prior to 5.5.38, 5.6.x prior to 5.6.24, and 7.x prior to 7.0.9. The issue in ext/session/session.c is a mismanagement of a hash data structure that can enable a remote attacker to trigger a denial of service via use-after-free during session deserialization, wit...

9.8CVSS7.9AI score0.0548EPSS
Exploits0References12Affected Software1
RedhatCVE
RedhatCVE
added 2016/07/25 10:48 a.m.37 views

CVE-2016-6290

ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...

9.8CVSS6.8AI score0.0548EPSS
Exploits0References1
OSV
OSV
added 2016/07/25 12:0 a.m.2 views

UBUNTU-CVE-2016-6290

ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...

9.8CVSS7.2AI score0.0548EPSS
Exploits0References3
Hacker One
Hacker One
added 2016/07/19 11:32 a.m.20 views

Internet Bug Bounty: Use After Free in unserialize() with Unexpected Session Deserialization

https://bugs.php.net/bug.php?id=72562...

6.9AI score
Exploits0
myhack58
myhack58
added 2015/12/16 12:0 a.m.15 views

Joomla object injection vulnerability analysis including the vulnerability use-a vulnerability warning-the black bar safety net

Joomla security team emergency release of the 3. 4. 6 version fixes a high-risk 0day vulnerability. Impact version from Joomla 1.5 up until 3.4.5 This vulnerability without having to log in, the front Desk can be code execution One, session deserialization php function sessionsetsavehandleroffici...

7.7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

PHP < 4.4.5 / 5.2.1 _SESSION Deserialization Overwrite Exploit

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

PHP < 4.4.5 / 5.2.1 php_binary Session Deserialization Information Leak

No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...

7.1AI score
Exploits0
UbuntuCve
UbuntuCve
added 2007/03/27 1:19 a.m.27 views

CVE-2007-1701

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when registerglobals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling sessiondecode on a string beginning with...

6.8CVSS6.3AI score0.09233EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2007/03/14 2:1 a.m.6 views

php session extension global variable clobber

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when registerglobals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling sessiondecode on a string beginning with...

6.8CVSS6.2AI score0.09233EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2007/03/04 12:0 a.m.43 views

PHP &lt; 4.4.5/5.2.1 - WDDX Session Deserialization Information Leak

A1"; $keys = arraykeys$SESSION; $stackdump = $keys1; echo "Stackdump\n---------\n\n"; for $b=0; $...

7.4AI score
Exploits0
0day.today
0day.today
added 2007/03/04 12:0 a.m.12 views

PHP < 4.4.5 / 5.2.1 WDDX Session Deserialization Information Leak

Exploit for multiple platform in category local exploits ================================================================= PHP s...

6.9AI score
Exploits0
0day.today
0day.today
added 2007/03/04 12:0 a.m.22 views

PHP < 4.4.5 / 5.2.1 php_binary Session Deserialization Information Leak

Exploit for multiple platform in category local exploits ======================================================================= PHP 4.4.5 / 5.2.1 phpbinary Session Deserialization Information Leak ======================================================================= ?php...

6.9AI score
Exploits0
Rows per page
Query Builder