1318 matches found
Advisory 03/2009: Piwik Cookie unserialize() Vulnerability
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Piwik Cookie Unserialize Vulnerability Release Date: 2009/12/09 Last Modified: 2009/12/09 Author: Stefan Esser stefan.esseratsektioneins.de Application: Piwik = 0.4.5 Severity: Piwik unserializes user input which allows an...
Advisory 02/2009: PHPIDS Unserialize() Vulnerability
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHPIDS Unserialize Vulnerability Release Date: 2009/12/09 Last Modified: 2009/12/09 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHPIDS = 0.6.2 Severity: PHPIDS unserializes user input which allows an attacker...
PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)
This module exploits an integer overflow vulnerability in the unserialize function of the PHP web server extension. This vulnerability was patched by Stefan in version 4.5.0 and applies all previous versions supporting this function. This particular module targets numerous web applications and is...
GLSA-200705-19 : PHP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200705-19 PHP: Multiple vulnerabilities Several vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs MOPB by Stefan Esser. The most severe of these vulnerabilities are integer overflows in wbmp.c from the G...
FreeBSD : php -- multiple vulnerabilities (f5e52bf5-fc77-11db-8163-000e0c2e438a)
The PHP development team reports : Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7 : - Fixed CVE-2007-1001, GD wbmp used with invalid image size - Fixed asciiz byte truncation inside mail - Fixed a bug in mbparsestr that can be used to activate registerglobals - Fixed unallocated memor...
RunCMS 1.5.2 - debug_show.php SQL Injection
RunCMS 1.5.2 - debugshow.php SQL Injection no authentication is performed to run showfiles and showqueries functions, look at this now in /class/debug/debug.php: ... function showqueries$executedqueries, $sorted=0 global $db; $executedqueries = unserializeurldecode$executedqueries; if $sorted == ...
Debian DSA-1282-1 : php4 - several vulnerabilities
Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1286 Stefan Esser discovered an overflow ...
DSA-1282-1 php4
Bulletin has no description...
security flaw
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter...
security flaw
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter...
Important: Red Hat Security Advisory: php security update
Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...
security flaw
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter...
PHP unserialize() function information leak
Uninitiailized memory fragment is returned on "S:" string...
MOPB-29-2007:PHP 5.2.1 unserialize() Information Leak Vulnerability
Summary The new S: data type added to PHP 5.2.1's serialisation format is completely broken. The new feature it is supposed to add, the handling of escaped strings does not work at all and leads to disclosure of heap memory content. Affected versions Affected is PHP 5.2.1 Detailed information Wit...
PHP 5.2.1 unserialize() Local Information Leak Exploit
No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / //...
MOPB-unserialize.txt
1,strrepeat'"', 200."2"=1; $heapdump = unserialize$str; echo "Heapdump\n---------\n\n"; $len = strlen$heapdump; for $b=0; $b 127 || $c...
PHP 5.2.1 unserialize() Local Information Leak Exploit
Exploit for multiple platform in category local exploits ====================================================== PHP 5.2.1 unserialize Local Information Leak Exploit ====================================================== 1,strrepeat'"', 200."2"=1; $heapdump = unserialize$str; echo...
PHP 5.2.1 - 'Unserialize()' Local Information Leak
1,strrepeat'"', 200."2"=1; $heapdump = unserialize$str; echo "Heapdump\n---------\n\n"; $len = strlen$heapdump; for $b=0; $b$len; $b+=16 printf"%08x: ", $b; for $i=0; $i16; $i++ if $b+$i$len printf "%02x ", ord$heapdump$b+$i; else printf ".. ";...
PHP 5.2.1 - Unserialize() Local Information Leak
PHP 5.2.1 - Unserialize Local Information Leak 1,strrepeat'"', 200."2"=1; $heapdump = unserialize$str; echo "Heapdump\n---------\n\n"; $len = strlen$heapdump; for $b=0; $b$len; $b+=16 printf"%08x: ", $b; for $i=0; $i16; $i++ if $b+$i$len printf "%02x ", ord$heapdump$b+$i; else printf "...
CVE-2007-1286
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter...