Lucene search

132 matches found

CNVD
added 2016/06/28 12:0 a.m., 2 views

PHP memory misreference vulnerability (CNVD-2016-04370)

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A memory misreference vulnerability exists in PHP's GC algorithm and unserialize function, which can be exploited by remote attackers to execute...

9.8 CVSS, 8.8 AI score, 0.09582 EPSS
Exploits 5, References 1

CNVD
added 2016/06/28 12:0 a.m., 2 views

PHP memory misreference vulnerability (CNVD-2016-04368)

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A memory misreference vulnerability exists in PHP's GC algorithm and unserialize function, which can be exploited by remote attackers to execute...

9.8 CVSS, 8.8 AI score, 0.16127 EPSS
Exploits 5, References 1

appercut
added 2016/06/26 12:0 a.m., 518 views

DokuWiki: source code security analysis report

Several vulnerabilities were discovered in DokuWiki Community 'DokuWiki' software: Incorrect User Input Filtration when Using the unserialize Function; Using Insufficiently Random Generators in Cryptography; Incorrect User Input Filtration when Generating Code on the Fly...

3 AI score
Exploits 0, References 1, Affected Software 1

appercut
added 2016/06/20 12:0 a.m., 524 views

Jetpack for WordPress: source code security analysis report

Several vulnerabilities were discovered in Automattic 'Jetpack for WordPress' software: Incorrect User Input Filtration when Connecting to External Files; File System Path Manipulation; Incorrect User Input Filtration when Using the unserialize Function; Using Insufficiently Random Generators in...

0.9 AI score
Exploits 0, References 1, Affected Software 1

appercut
added 2016/05/23 12:0 a.m., 592 views

Concrete5 CMS: source code security analysis report

Several vulnerabilities were discovered in Portland Labs 'Concrete5 CMS' software: File System Path Manipulation; Using Global Variables; Incorrect User Input Filtration when Using the unserialize Function; Using Insufficiently Random Generators in Cryptography; HttpOnly Cookies; Incorrect Permissions...

1.3 AI score
Exploits 0, References 1, Affected Software 1

appercut
added 2016/05/06 12:0 a.m., 570 views

WordPress CMS: source code security analysis report

Several vulnerabilities were discovered in WordPress Foundation 'WordPress CMS' software: File System Path Manipulation; Using Global Variables; Incorrect User Input Filtration when Using the unserialize Function; Using Insufficiently Random Generators in Cryptography; HttpOnly Cookies; Incorrect User...

1.4 AI score
Exploits 0, References 1, Affected Software 1

appercut
added 2016/04/21 12:0 a.m., 678 views

MODX Revolution: source code security analysis report

Several vulnerabilities were discovered in MODX 'MODX Revolution' software: Incorrect User Input Filtration when Connecting to External Files; File System Path Manipulation; Using Global Variables; Incorrect User Input Filtration when Using the unserialize Function; Using Insufficiently Random...

0.6 AI score
Exploits 0, References 1, Affected Software 1

appercut
added 2016/04/05 12:0 a.m., 529 views

Joomla!: source code security analysis report

Several vulnerabilities were discovered in Open Source Matters, Inc. 'Joomla!' software: Using Global Variables; Incorrect User Input Filtration when Using the unserialize Function; Using Insufficiently Random Generators in Cryptography; Incorrect Permissions for External Entities During XML...

2.8 AI score
Exploits 0, References 1, Affected Software 1

Amazon
added 2015/10/20 12:0 a.m., 78 views

Medium: php55

Issue Overview: As reported upstream (https://bugs.php.net/bug.php?id=69720), a NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. (CVE-2015-7803) A flaw was discovered in the way PHP performed object...

9.8 CVSS, 9.1 AI score, 0.35455 EPSS
Exploits 7

CNVD
added 2015/09/22 12:0 a.m., 5 views

PHP 'php_var_unserialize()' function code execution vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A code execution vulnerability exists in PHP. An attacker could exploit this vulnerability to execute arbitrary code, which could also result in...

9.8 CVSS, 8.8 AI score, 0.226 EPSS
Exploits 3, References 1

CNVD
added 2015/09/18 12:0 a.m., 3 views

Multiple Remote Code Execution Vulnerabilities in PHP

PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. PHP has multiple remote code execution vulnerabilities in the unserialize function, which can be exploited by an attacker to execute arbitrary code...

9.8 CVSS, 9.2 AI score, 0.35455 EPSS
Exploits 4, References 1

Tenable Nessus
added 2015/08/18 12:0 a.m., 47 views

Amazon Linux AMI : php54 (ALAS-2015-583) (BACKRONYM)

PHP process crashes when processing an invalid file with the 'phar' extension. (CVE-2015-5589) As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. (CVE-2015-3152) PHP versions before 5.5.27 and 5.4.43 contain buffer...

10 CVSS, 8 AI score, 0.39693 EPSS
Exploits 2, References 9

CNVD
added 2015/06/23 12:0 a.m., 3 views

Multiple Memory Corruption Vulnerabilities in PHP SOAP Access

PHP is a general-purpose scripting language. A security vulnerability in the unserialize function used in PHP's multiple SOAP accesses allows remote attackers to exploit the vulnerability by submitting a special request to obtain PHP application memory information or crash...

10 CVSS, 6.6 AI score, 0.21375 EPSS
Exploits 4, References 1

RedHat Linux
added 2015/06/04 8:2 a.m., 2 views

php: use after free vulnerability in unserialize()

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

7.5 CVSS, 7.6 AI score, 0.8832 EPSS
Exploits 8, References 4

CNVD
added 2015/05/19 12:0 a.m., 1 views

PHP 'unserialize()' function has multiple vulnerabilities

PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. An information disclosure and remote code execution vulnerability exists in the PHP 'unserialize' function. An attacker could exploit the vulnerability to gain...

8 AI score
Exploits 0, References 1

Check Point Advisories
added 2015/05/18 12:0 a.m., 13 views

PHP Core Unserialize Key Name Code Execution - Ver2 (CVE-2015-0231)

A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical number key names within the unserialize function. An attacker could exploit this vulnerability by sending crafted serialized data to a w...

7.5 CVSS, 3.1 AI score, 0.87334 EPSS
Exploits 5

Check Point Advisories
added 2015/04/01 12:0 a.m., 0 views

PHP DateTimeZone Object timezone Unserialize Type Confusion

A code execution vulnerability has been reported in PHP. The vulnerability is due to a type confusion error when handling serialized DateTimeZone objects within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialized data to a web application runnin...

3.3 AI score
Exploits 0

Check Point Advisories
added 2015/02/16 12:0 a.m., 16 views

PHP Core Unserialize Key Name Code Execution (CVE-2015-0231)

A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical number key names within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialized data to ...

7.5 CVSS, 2.8 AI score, 0.87334 EPSS
Exploits 5

RedHat Linux
added 2014/10/30 8:16 p.m., 3 views

php: integer overflow in unserialize()

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize function could cause a PHP application to crash...

7.5 CVSS, 7.3 AI score, 0.55955 EPSS
Exploits 1, References 4

Prion
added 2014/10/29 10:55 a.m., 34 views

Integer overflow

Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function...

7.5 CVSS, 8.7 AI score, 0.55955 EPSS
Exploits 1, References 26, Affected Software 1