1318 matches found
FreeBSD : php -- _ecalloc Integer Overflow Vulnerability (e329550b-54f7-11db-a5ae-00508d6a62df)
Stefan Esser reports : The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch. It was discovered that such an integer overfl...
CVE-2006-4812
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function Zend/zendalloc.c...
PHP integer overflow
unserialize function integer overflow...
Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: PHP unserialize Array Creation Integer Overflow Release Date: 2006/10/09 Last Modified: 2006/10/09 Author: Stefan Esser [email protected] Application: PHP 5 = 5.1.6, PHP...
security flaw
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function Zend/zendalloc.c...
security flaw
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function Zend/zendalloc.c...
php -- _ecalloc Integer Overflow Vulnerability
Stefan Esser reports: The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch. It was discovered that such an integer overflo...
SUSE-SA:2005:023: php4, php5
The remote host is missing the patch for the advisory SUSE-SA:2005:023 php4, php5. This update fixes the following security issues in the PHP scripting language: - A bug in getimagesize EXIF handling which could lead to a denial of service attack. This is tracked by the Mitre CVE IDs CVE-2005-052...
PHP
New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. More details about the issues may be found in the PHP ChangeLogs on the PHP web site: http://php.net Here are the details from the Slackware 10.1 ChangeLog:...
security flaw
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow"...
Important: Red Hat Security Advisory: php security update
Updated php packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A double-free bug was found in the deserialization code of PHP. PHP applications use the unserialize...
CVE-2004-1019
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow"...
CVE-2004-1019
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow"...
PHP: Multiple vulnerabilities
Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version of PHP, or can run stand-alone in a CLI. Description Stefan Esser and Marcus Boerger reported several different issues in...
phphpbb2 + php version < 4.3.10 unserialize() memory dump sql password from config.php exploit
php bug in ext/standart/varunserializer.c in php 4.3.10 for dump php heap memory with phpbb2 ,who use unserialize for cookie , and found the config.phpsql password in the heap. you need http://overdose.tcpteam.org/serv.h and http://overdose.tcpteam.org/serv.cpp for compile / coded by overdose...
PHP <= 4.3.9 & phpBB 2.x with unserialize() Remote Exploit (compiled)
No description provided by source. // Compiled version: http://www.milw0rm.com/sploits/phpbbmemorydump.rar // Source serv.cpp is at the bottom of the page - str0ke // Notes from author: // compile with borland c++ freecommandlinetools : // bcc32 -c serv.cpp // bcc32 bbmemorydump.cpp serv.obj /...
Remote Code Execution via Chosen-Ciphertext Attack
https://github.com/titon/framework/blob/cbf44729173d3a83b91a2b0a217c6b3827512e44/src/Titon/Crypto/OpenSslCipher.hhL30-L39 You aren't authenticating your ciphertexts, and then you're passing the decrypted result to unserialize. See also:...
CVE-2019-10912: Prevent destructors with side-effects from being unserialized
More info at https://symfony.com/cve-2019-10912...