
1305 matches found

CNVD
added 2016/12/23 12:0 a.m. | 1 views

phpMyAdmin 'unserialize()' Remote Code Execution Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A remote code execution vulnerability exists in the phpMyAdmin 'unserialize' function, which can be exploited by an attacker to execute arbitrary code within the context of an application...

9.8 CVSS | 8.5 AI score | 0.03129 EPSS
Exploits: 0 | References: 1

myhack58
added 2016/12/19 12:0 a.m. | 100 views

PHP garbage collection mechanism UAF vulnerability analysis-vulnerability warning-the black bar safety net

First, an introduction to the PHP garbage collection mechanism. Because circular references can exist in PHP, a refcount counter alone is not enough as a garbage collection mechanism, so PHP 5.3 introduced a new garbage collection mechanism. $a = array('one'); $a[] = &$a; unset($a); ?>...

7.5 CVSS | 0.2 AI score | 0.15083 EPSS
Exploits: 5

OSV
added 2016/12/11 3:0 a.m. | 1 views

DEBIAN-CVE-2016-9865

An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by the PMA_safeUnserialize function. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

9.8 CVSS | 9 AI score | 0.02267 EPSS
Exploits: 0 | References: 1

OSV
added 2016/12/11 3:0 a.m. | 1 views

UBUNTU-CVE-2016-9865

An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by the PMA_safeUnserialize function. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

9.8 CVSS | 7.3 AI score | 0.02267 EPSS
Exploits: 0 | References: 3

OSV
added 2016/12/11 2:59 a.m. | 6 views

CVE-2016-6620

An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions prior to 4.6.4...

9.8 CVSS | 9.6 AI score
Exploits: 0 | References: 4

OSV
added 2016/12/11 2:59 a.m. | 3 views

ALPINE-CVE-2016-6620

An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions prior to 4.6.4...

9.8 CVSS | 7.7 AI score | 0.03129 EPSS
Exploits: 0 | References: 1

OSV
added 2016/12/11 2:59 a.m. | 1 views

DEBIAN-CVE-2016-6620

An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions prior to 4.6.4...

9.8 CVSS | 9.6 AI score | 0.03129 EPSS
Exploits: 0 | References: 1

NVD
added 2016/12/11 2:59 a.m. | 16 views

CVE-2016-6620

An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions prior to 4.6.4...

9.8 CVSS | 9.6 AI score | 0.03129 EPSS
Exploits: 0 | References: 4

OSV
added 2016/12/11 2:59 a.m. | 2 views

UBUNTU-CVE-2016-6620

An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions prior to 4.6.4...

9.8 CVSS | 7.7 AI score | 0.03129 EPSS
Exploits: 0 | References: 3

UbuntuCve
added 2016/12/11 2:59 a.m. | 50 views

CVE-2016-6620

An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions prior to 4.6.4...

9.8 CVSS | 7.6 AI score | 0.03129 EPSS
Exploits: 0 | References: 2

Debian CVE
added 2016/12/11 2:0 a.m. | 31 views

CVE-2016-6620

An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions prior to 4.6.4...

9.8 CVSS | 9.7 AI score | 0.03129 EPSS
Exploits: 0

CVE
added 2016/12/11 2:0 a.m. | 93 views

CVE-2016-6620

CVE-2016-6620 affects phpMyAdmin: the vulnerability arises when data is passed to unserialize() without validating serialized data, enabling potential code execution through object instantiation/autoloading. Affected versions are all 4.6.x before 4.6.4, 4.4.x before 4.4.15.8, and 4.0.x before 4.0...

9.8 CVSS | 9.4 AI score | 0.03129 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2016/12/11 2:0 a.m. | 24 views

CVE-2016-6620

An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions prior to 4.6.4...

9.5 AI score | 0.03129 EPSS
Exploits: 0 | References: 4

FreeBSD
added 2016/12/08 12:0 a.m. | 50 views

PHP -- multiple vulnerabilities

The PHP project reports: Use After Free Vulnerability in unserialize (CVE-2016-9936); Invalid read when wddx decodes empty boolean element (CVE-2016-9935)...

9.8 CVSS | 1.9 AI score | 0.06974 EPSS
Exploits: 2 | References: 1

CNVD
added 2016/12/08 12:0 a.m. | 2 views

PHP 'unserialize()' function memory misreference vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A memory misreference vulnerability exists in the PHP 'unserialize' function. An attacker could exploit this vulnerability to execute arbitrary...

9.8 CVSS | 7.9 AI score | 0.05319 EPSS
Exploits: 1 | References: 1

Hacker One
added 2016/11/28 1:20 a.m. | 12 views

Ian Dunn: unchecked unserialize usages in audit-trail-extension/audit-trail-extension.php

in: https://github.com/iandunn/audit-trail-extension/blob/master/audit-trail-extension.php#L106 https://github.com/iandunn/audit-trail-extension/blob/master/audit-trail-extension.php#L112 https://github.com/iandunn/audit-trail-extension/blob/master/audit-trail-extension.php#L133...

1.2 AI score
Exploits: 0

Hacker One
added 2016/11/28 1:16 a.m. | 24 views

Ian Dunn: unchecked unserialize usage in WordPress-Functionality-Plugin-Skeleton/functionality-plugin-skeleton.php

in: https://github.com/iandunn/WordPress-Functionality-Plugin-Skeleton/blob/547216caf1bef2664ec3920a9c749191dea13aeb/functionality-plugin-skeleton.php#L108 there is usage of unserialize function public function blockpluginupdates $request, $url if 0 !== strpos $url, self::PLUGINUPDATECHECKURL //...

0.5 AI score
Exploits: 0

Friends Of PHP
added 2016/11/22 10:9 a.m. | 13 views

Insecure Unserialize in TYPO3 Backend

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-023/...

7.2 AI score
Exploits: 0 | Affected Software: 1

Typo3
added 2016/11/22 12:0 a.m. | 492 views

Insecure Unserialize in TYPO3 Backend

It has been discovered that TYPO3 is susceptible to Insecure Unserialize. Component Type: TYPO3 CMS; Release Date: November 22, 2016; Vulnerable subcomponent: Backend; Vulnerability Type: Insecure Unserialize; Affected Versions: Versions 6.2.0 to 6.2.28, 7.6.0 to 7.6.12 and 8.0.0 to 8.4.0; Severity:...

7 AI score
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2016/11/22 12:0 a.m. | 51 views

openSUSE Security Update : php5 (openSUSE-2016-1338)

This update for php5 fixes the following issues: - CVE-2016-9137: Fixed a use after free in unserialize in curl file deserialization (boo#1008029). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

9.8 CVSS | 8.1 AI score | 0.05319 EPSS
Exploits: 1 | References: 2