1305 matches found

UbuntuCve
added 2017/02/27 7:59 a.m. | 33 views

CVE-2017-6350

An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows...

9.8 CVSS | 6.9 AI score | 0.03389 EPSS
Exploits: 0 | References: 4
OSV
added 2017/02/27 7:59 a.m. | 3 views

ALPINE-CVE-2017-6350

An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows...

9.8 CVSS | 7.3 AI score | 0.03389 EPSS
Exploits: 0 | References: 1
OSV
added 2017/02/27 7:59 a.m. | 5 views

UBUNTU-CVE-2017-6350

An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows...

9.8 CVSS | 6.8 AI score | 0.03389 EPSS
Exploits: 0 | References: 5
CNVD
added 2017/02/13 12:0 a.m. | 3 views

Node-serialize Package For Node.js 'unserialize()' Function Arbitrary Code Execution Vulnerability

Node.js is an open source, cross-platform, runtime environment for server-side and web applications. Node.js has a security vulnerability in the node-serialize module that allows an attacker to execute arbitrary code via IIFE if the unserialize function input is not secure...

9.8 CVSS | 7.9 AI score | 0.60415 EPSS
Exploits: 5 | References: 1
myhack58
added 2017/02/11 12:0 a.m. | 1962 views

The use of the Node.js deserialization vulnerability remote code execution - vulnerability warning - the black bar safety net

Vulnerability description Vulnerability name: Exploiting Node.js deserialization bug for Remote Code Execution Vulnerability CVE id: CVE-2017-594 Vulnerability type: code execution Vulnerability description: Untrusted data is passed into the unserialize function, which leads to we can By pass with...

Exploits: 0
OSV
added 2017/02/09 7:59 p.m. | 3 views

CVE-2017-5941

An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE)...

9.8 CVSS | 6.2 AI score | 0.60415 EPSS
Exploits: 5 | References: 5
Cvelist
added 2017/02/09 7:0 p.m. | 33 views

CVE-2017-5941

An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE)...

9.7 AI score | 0.60415 EPSS
Exploits: 5 | References: 5
Debian
added 2017/02/09 2:28 a.m. | 44 views

[SECURITY] [DSA 3783-1] php5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3783-1 [email protected] https://www.debian.org/security/ Luciano Bello February 08, 2017 https://www.debian.org/security/faq -...

7.5 CVSS | 2.6 AI score | 0.13314 EPSS
Exploits: 0
Tenable Nessus
added 2017/02/09 12:0 a.m. | 64 views

Debian DSA-3783-1 : php5 - security update

Several issues have been discovered in PHP, a widely-used open source general-purpose scripting language. - CVE-2016-10158 Loading a TIFF or JPEG malicious file can lead to a Denial-of-Service attack when the EXIF header is being parsed. - CVE-2016-10159 Loading a malicious phar archive can cause...

9.8 CVSS | 7.6 AI score | 0.13314 EPSS
Exploits: 0 | References: 10
OpenVAS
added 2017/02/08 12:0 a.m. | 54 views

Debian Security Advisory DSA 3783-1 (php5 - security update)

Several issues have been discovered in PHP, a widely-used open source general-purpose scripting language. CVE-2016-10158 Loading a TIFF or JPEG malicious file can lead to a Denial-of-Service attack when the EXIF header is being parsed. CVE-2016-10159 Loading a malicious phar archive can cause an...

7.5 CVSS | 0.9 AI score | 0.13314 EPSS
Exploits: 0 | References: 1
seebug.org
added 2017/02/08 12:0 a.m. | 25 views

PEAR HTML_AJAX <= 0.5.7 (PHP Serializer) PHP object injection vulnerability

Software Link: https://pear.php.net/package/HTML_AJAX Affected Versions: All versions from 0.3.0 to 0.5.7. Vulnerability Description: The vulnerable code is located within the HTML_AJAX_Serializer_PHP class defined into the /AJAX/Serializer/PHP.php script. Such a class uses the unserialize PHP functi...

7.5 CVSS | 9.9 AI score | 0.04826 EPSS
Exploits: 2
Mageia
added 2017/02/04 6:41 p.m. | 59 views

Updated php packages fix security vulnerabilities

Floating-point exception in php-exif when parsing a tag format (CVE-2016-10158). Crash in php-phar while loading hostile phar archive (CVE-2016-10159). Memory corruption in php-phar when loading hostile phar (CVE-2016-10160). Heap out of bounds read on unserialize in finish_nested_data (CVE-2016-10161)...

9.8 CVSS | 2.6 AI score | 0.13314 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2017/01/27 12:0 a.m. | 311 views

Amazon Linux AMI : php70 (ALAS-2017-788)

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. CVE-2016-7480...

9.8 CVSS | 8.9 AI score | 0.46801 EPSS
Exploits: 8 | References: 7
RedhatCVE
added 2017/01/25 4:17 p.m. | 65 views

CVE-2016-7480

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data...

9.8 CVSS | 9.4 AI score | 0.41558 EPSS
Exploits: 1 | References: 2
canvas
added 2017/01/23 9:59 p.m. | 556 views

Immunity Canvas: MAGENTO_SET_PAY_INFO

Name: magento_set_pay_info
CVE: CVE-2016-4010
Exploit Pack: CANVAS
Description: Magento unauthenticated unserialize 2.0.6
Notes: Repeatability: Infinite; VENDOR: Magento; CVE Url: https://vulners.com/cve/CVE-2016-4010; CVE Name: CVE-2016-4010...

7.5 CVSS | 9.6 AI score | 0.92869 EPSS
Exploits: 10
canvas
added 2017/01/23 9:59 p.m. | 568 views

Immunity Canvas: MAGENTO_SET_PAYMENT_INFO

Name: magento_set_payment_info
CVE: CVE-2016-4010
Exploit Pack: CANVAS
Description: Magento unauthenticated unserialize 2.0.6
Notes: Repeatability: Infinite; VENDOR: Magento; CVE Url: https://vulners.com/cve/CVE-2016-4010; CVE Name: CVE-2016-4010...

7.5 CVSS | 9.6 AI score | 0.92869 EPSS
Exploits: 10
exploitpack
added 2017/01/20 12:0 a.m. | 12 views

MyBB 1.8.3 (with PHP 5.6 5.6.11) - Remote Code Execution

MyBB 1.8.3 with PHP 5.6 5.6.11 - Remote Code Execution GMP Deserialization Type Confusion Vulnerability MyBB - Write Date: 2015.4.28 - Release Date: 2017.1.20 A type-confusion vulnerability was discovered in GMP deserialization with crafted object's __wakeup magic method that can be abused for...

Exploits: 0
Hacker One
added 2017/01/16 1:30 p.m. | 24 views

Internet Bug Bounty: Use After Free in unserialize()

The bug report at: https://bugs.php.net/bug.php?id=69425...

6.9 AI score
Exploits: 0
RedhatCVE
added 2017/01/12 3:17 p.m. | 37 views

CVE-2016-7479

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution...

9.8 CVSS | 5.5 AI score | 0.41674 EPSS
Exploits: 1 | References: 2
OSV
added 2017/01/12 12:59 a.m. | 28 views

CVE-2016-7479

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution...

9.8 CVSS | 7.7 AI score
Exploits: 0 | References: 8