PHP Use of uninitialized memory in unserialize() (CVE-2017-5340)
Description: A bug was found showing that PHP uses uninitialized memory during calls to unserialize. As the following report shows, the payload supplied to unserialize may control this uninitialized memory region and thus may be used to trick PHP into operating on faked objects...
CVE-2016-7480
The SplObjectStorage unserialize implementation in ext/spl/splobserver.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data...
Code injection
The SplObjectStorage unserialize implementation in ext/spl/splobserver.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data...
CVE-2016-7480
CVE-2016-7480 affects PHP: the SplObjectStorage unserialize implementation in ext/spl/spl_observer.c does not verify that a key is an object. This can allow a remote attacker to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. The issu...
KLA10944 Denial of service and arbitrary code execution vulnerabilities in PHP
An improper implementation of the SplObjectStorage unserialize in ext/spl/splobserver.c was found in PHP before 7.0.12. By exploiting this vulnerability malicious users can execute arbitrary code or cause a denial of service. This vulnerability can be exploited remotely via a specially designed...
FreePBX Remote Code Execution
Exploit Title: Freepbx cookie recordings injection Google Dork: Ask Santa Date: 23/12/2016 Exploit Author: inj3ctor3 Vendor Homepage: https://www.freepbx.org/ Software Link: ISO LINKS IN SITE https://www.freepbx.org/ Version: ALL && unpatched/ Trixbox/freepbx/elastix/pbxinflash/ Tested on: Cento...
CVE-2016-9936
The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834...
CVE-2016-9936
CVE-2016-9936 affects PHP 7.x prior to 7.0.14. The vulnerability is due to a use-after-free in the unserialize path (ext/standard/var.c), allowing remote attackers to cause a denial of service or potentially execute arbitrary code via crafted serialized data. Mitigation: update to PHP 7.0.14 or n...
CVE-2016-9936
Removed by vendor...
UBUNTU-CVE-2016-9936
The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834...
FreeBSD : PHP -- multiple vulnerabilities (6972668d-cdb7-11e6-a9a5-b499baebfeaf)
The PHP project reports: - Use After Free Vulnerability in unserialize CVE-2016-9936 - Invalid read when wddx decodes empty boolean element CVE-2016-9935 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD...
PHP -- multiple vulnerabilities
Check Point reports: ... discovered 3 fresh and previously unknown vulnerabilities CVE-2016-7479, CVE-2016-7480, CVE-2016-7478 in the PHP 7 unserialize mechanism. The first two vulnerabilities allow attackers to take full control over servers, allowing them to do anything they want with the...
phpMyAdmin 'unserialize()' Remote Code Execution Vulnerability
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A remote code execution vulnerability exists in the phpMyAdmin 'unserialize' function, which can be exploited by an attacker to execute arbitrary code within the context of an application...
Freepbx < 2.11.1.5 - Remote Code Execution
Exploit Title: Freepbx cookie recordings injection Google Dork: Ask Santa Date: 23/12/2016 Exploit Author: inj3ctor3 Vendor Homepage: https://www.freepbx.org/ Software Link: ISO LINKS IN SITE https://www.freepbx.org/ Version: ALL && unpatched/ Trixbox/freepbx/elastix/pbxinflash/ Tested on: Cento...