43 matches found
SUSE CVE-2016-6290
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...
php: Use after free in unserialize() with Unexpected Session Deserialization
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...
SUSE-SU-2016:2328-1 Security update for php53
This update for php53 fixes the following security issues: CVE-2014-3587: Integer overflow in the cdfreadpropertyinfo affecting SLES11 SP3 bsc987530 CVE-2016-6297: Stack-based buffer overflow vulnerability in phpstreamzipopener bsc991426 CVE-2016-6291: Out-of-bounds access in...
MGASA-2016-0267 Updated php/xmlrpc-epi/timezone packages fix security vulnerability
Stack-based buffer overflow vulnerability in virtualfileex CVE-2016-6289. Use After Free in unserialize with Unexpected Session Deserialization CVE-2016-6290. Out of bound read in exifprocessIFDinMAKERNOTE CVE-2016-6291. NULL Pointer Dereference in exifprocessusercomment CVE-2016-6292...
CVE-2016-6290
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...
CVE-2016-6290
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...
CVE-2016-6290
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...
EUVD-2016-7220
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...
CVE-2016-6290
CVE-2016-6290 affects PHP versions prior to 5.5.38, 5.6.x prior to 5.6.24, and 7.x prior to 7.0.9. The issue in ext/session/session.c is a mismanagement of a hash data structure that can enable a remote attacker to trigger a denial of service via use-after-free during session deserialization, wit...
CVE-2016-6290
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...
UBUNTU-CVE-2016-6290
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...
Internet Bug Bounty: Use After Free in unserialize() with Unexpected Session Deserialization
https://bugs.php.net/bug.php?id=72562...
Joomla object injection vulnerability analysis including the vulnerability use-a vulnerability warning-the black bar safety net
Joomla security team emergency release of the 3. 4. 6 version fixes a high-risk 0day vulnerability. Impact version from Joomla 1.5 up until 3.4.5 This vulnerability without having to log in, the front Desk can be code execution One, session deserialization php function sessionsetsavehandleroffici...
PHP < 4.4.5 / 5.2.1 _SESSION Deserialization Overwrite Exploit
No description provided by source...
PHP < 4.4.5 / 5.2.1 php_binary Session Deserialization Information Leak
No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...
CVE-2007-1701
PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when registerglobals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling sessiondecode on a string beginning with...
php session extension global variable clobber
PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when registerglobals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling sessiondecode on a string beginning with...
PHP < 4.4.5/5.2.1 - WDDX Session Deserialization Information Leak
A1"; $keys = arraykeys$SESSION; $stackdump = $keys1; echo "Stackdump\n---------\n\n"; for $b=0; $...
PHP < 4.4.5 / 5.2.1 WDDX Session Deserialization Information Leak
Exploit for multiple platform in category local exploits ================================================================= PHP s...
PHP < 4.4.5 / 5.2.1 php_binary Session Deserialization Information Leak
Exploit for multiple platform in category local exploits ======================================================================= PHP 4.4.5 / 5.2.1 phpbinary Session Deserialization Information Leak ======================================================================= ?php...