
1305 matches found

OPENSUSE Linux
added 2016/11/21 2:6 p.m. | 51 views

Security update for php5 (important)

This update for php5 fixes the following issues: CVE-2016-9137: Fixed a use after free in unserialize in curl file deserialization boo1008029...

1.4 AI score | 0.05319 EPSS
Exploits 1 | References 1
Patchstack
added 2016/11/17 12:0 a.m. | 16 views

WordPress Post Indexer Plugin <= 3.0.6.1 - PHP Object Injection

Because of this vulnerability, the blog makes an automated encrypted HTTP request to premium.wpmudev.org and then the returned value is passed to unserialize. It is possible for premium.wpmudev.org or anyone to return a string which contains a bad encoded object that executes arbitrary code. Solutio...

2 AI score
Exploits 0 | References 2 | Affected Software 1
RedHat Linux
added 2016/11/15 11:40 a.m. | 4 views

php: Use After Free Vulnerability in PHP's GC algorithm and unserialize

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted...

9.8 CVSS | 7.6 AI score | 0.15083 EPSS
Exploits 5 | References 4
RedHat Linux
added 2016/11/15 11:40 a.m. | 2 views

php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash)...

9.8 CVSS | 7.7 AI score | 0.09088 EPSS
Exploits 5 | References 4
RedHat Linux
added 2016/11/15 11:40 a.m. | 1 views

php: Use after free in SNMP with GC and unserialize()

ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impac...

9.8 CVSS | 7.4 AI score | 0.05417 EPSS
Exploits 1 | References 4
exploitpack
added 2016/11/02 12:0 a.m. | 23 views

Alienvault OSSIM/USM 5.3.1 - PHP Object Injection

Alienvault OSSIM/USM 5.3.1 - PHP Object Injection Details ======= Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8580 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A PHP object...

7.5 CVSS | 0.5 AI score | 0.06861 EPSS
Exploits 4
CNVD
added 2016/10/24 12:0 a.m. | 2 views

PHP 'unserialize()' function memory error references remote code execution vulnerability

PHP is a popular general-purpose scripting language that is particularly well suited for web development. A remote code execution vulnerability exists in the PHP 'unserialize' function. An attacker could exploit this vulnerability to execute arbitrary code in the context of an affected applicatio...

8.1 AI score
Exploits 0 | References 1
Check Point Advisories
added 2016/10/18 12:0 a.m. | 0 views

PHP 7 Unserialization Hash Table Resize Use After Free

A Use After Free vulnerability exists in PHP 7. A remote attacker can exploit this vulnerability by sending specially crafted input to the unserialize function...

2.4 AI score
Exploits 0
0day.today
added 2016/10/18 12:0 a.m. | 17 views

PHP 5.6.26 and 7.0.11 Use After Free in unserialize() Vulnerability

Exploit for php platform in category remote exploits PoC: References: https://bugs.php.net/bug.php?id=73147 0day.today 2018-04-08...

0.9 AI score
Exploits 0
Tenable Nessus
added 2016/10/18 12:0 a.m. | 229 views

PHP 5.6.x < 5.6.27 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.27. It is, therefore, affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists in the SimpleXMLElement::asXML function within file ext/simplexml/simplexml.c. An unauthenticate...

6.5 AI score
Exploits 0 | References 1
Check Point Advisories
added 2016/10/18 12:0 a.m. | 13 views

PHP 7 Unserialization Exception Infinite Loop Denial of Service (CVE-2016-7478)

A Denial of Service vulnerability exists in PHP 7. A remote attacker can exploit this vulnerability by sending specially crafted input to the unserialize function...

5 CVSS | 3.5 AI score | 0.42401 EPSS
Exploits 1
Tenable Nessus
added 2016/10/18 12:0 a.m. | 85 views

PHP 7.0.x < 7.0.12 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.12. It is, therefore, affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists in the SimpleXMLElement::asXML function within file ext/simplexml/simplexml.c. An unauthenticate...

6.5 AI score
Exploits 0 | References 1
CNVD
added 2016/10/17 12:0 a.m. | 2 views

An SQL injection vulnerability exists in the DBSHOP_0.9.3_Beta getQuery() function.

DBShop is an open source e-commerce online store system developed using endFramework. DBSHOP_0.9.3_Beta suffers from an SQL injection vulnerability. Due to the /DBSHOP/module/Shopfront/src/Shopfront/Controller/GoodslistController.php at indexAction first through getQuery to get all the parameters,...

7.8 AI score
Exploits 0 | References 1
Hacker One
added 2016/10/15 11:51 a.m. | 17 views

Internet Bug Bounty: Use-after-free in unserialize()

The bug report at: https://bugs.php.net/bug.php?id=73147 The fix commit at: https://github.com/php/php-src/commit/0e6fe3a4c96be2d3e88389a5776f878021b4c59f...

6.9 AI score
Exploits 0
Check Point Advisories
added 2016/10/05 12:0 a.m. | 4 views

Tuleap PHP Unserialize Code Execution (CVE-2014-8791)

This module exploits a PHP object injection vulnerability. Tuleap could be abused to allow authenticated users to execute arbitrary code with the permissions of the web server. This could lead to execute PHP code on the server...

6 CVSS | 7.5 AI score | 0.14766 EPSS
Exploits 7
Saint
added 2016/09/23 12:0 a.m. | 26 views

SugarCRM REST deserialization vulnerability

Added: 09/23/2016 BID: 91413 Background SugarCRM is customer relationship management software written in PHP. Problem Improper use of the unserialize function inside the SugarRestSerialize.php script allows remote attackers to inject PHP objects, leading to arbitrary command execution. Resolution...

7.8 AI score
Exploits 0
RedhatCVE
added 2016/09/19 12:18 p.m. | 32 views

CVE-2016-7411

ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object...

9.8 CVSS | 6.5 AI score | 0.05543 EPSS
Exploits 1 | References 1
Hacker One
added 2016/09/18 2:21 a.m. | 21 views

Internet Bug Bounty: wddx_deserialize use-after-free

Upstream Bug --- https://bugs.php.net/bug.php?id=72860 Summary -- wddx_deserialize allows to unserialize a WDDX packet that usually comes from external input. While WDDX tries to deserialize "recordset" element, use-after-free happens if the close tag for the field is not found. Patch --...

6.9 AI score
Exploits 0
ArchLinux
added 2016/09/18 12:0 a.m. | 67 views

php: multiple issues

CVE-2016-7411 arbitrary code execution A memory corruption vulnerability was found in PHP's unserialize method. This happened during the deserialized-object destruction. - CVE-2016-7412 arbitrary code execution PHP's mysqlnd extension assumes the flags returned for a BIT field necessarily...

1.6 AI score | 0.11102 EPSS
Exploits 7 | References 15
OSV
added 2016/09/17 9:59 p.m. | 12 views

CVE-2016-7411

ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object...

9.8 CVSS | 9.3 AI score
Exploits 0 | References 7