55 matches found
Type confusion
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, relate...
CVE-2014-3515
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, relate...
CVE-2014-3515
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, relate...
Internet Bug Bounty: SPL ArrayObject/SPLObjectStorage Unserialization Type Confusion Vulnerabilities
This vulnerability was reported directly to the PHP development team. A detailed summary is available here: https://www.sektioneins.de/en/blog/14-08-27-unserialize-typeconfusion.html...
PHP 5.2.x<5.2.14,5.3.x<5.3.3 SplObjectStorage unserializerd代码执行漏洞
No description provided by source...
SOL12253 - PHP vulnerability CVE-2010-2225
PHP vulnerability CVE-2010-2225 describes a use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2. The vulnerability allows remote attackers to execute arbitrary code or obtain sensitive information by way of serialized data, related to the PHP...
PHP multiple security vulnerabilities
phar extension information leaks, SPLObjectStorage information leaks, error messages information leaks, variables spoofing...
USN-989-1: PHP vulnerabilities
Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc requests. An attacker could exploit this issue to cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. CVE-2010-0397 It was discovered that the...
Debian DSA-2089-1 : php5 - several vulnerabilities
Several remote vulnerabilities have been discovered in PHP 5, an hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-1917 The fnmatch function can be abused to conduct denial of service attacks by crashing the interpreter by the...
Mandriva Linux Security Advisory : php (MDVSA-2010:140)
This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1. Security Enhancements and Fixes in PHP 5.3.3 : - Rewrote varexport to use smartstr rather than output buffering, prevents data disclosure if a fatal error occurs CVE-2010-2531. - Fixed a possible resource...
CVE-2010-2225
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function...
Design/Logic Flaw
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function...
CVE-2010-2225
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function...
CVE-2010-2225
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function...
PHP 'SplObjectStorage' Unserializer Arbitrary Code Execution Vulnerability
PHP is prone to a vulnerability that an attacker could exploit to execute arbitrary code with the privileges of the user running the affected application. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...