
1305 matches found

Japan Vulnerability Notes
added 2016/09/14 6:0 a.m. | 4 views

CS-Cart add-on "Twigmo" vulnerable to PHP object injection

Overview: CS-Cart add-on "Twigmo" contains a PHP object injection vulnerability due to a flaw where untrusted input values are unserialized. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A remote...

8.8 CVSS | 7.7 AI score | 0.02071 EPSS
Exploits 0 | References 6
0day.today
added 2016/09/07 12:0 a.m. | 30 views

SugarCRM 6.5.23 - REST PHP Object Injection Exploit (Metasploit)

Exploit for php platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SugarCRM REST Unserialize PHP Code Execution', 'Description' = %q This...

7.1 AI score
Exploits 0
exploitpack
added 2016/09/07 12:0 a.m. | 18 views

SugarCRM 6.5.23 - REST PHP Object Injection (Metasploit)

SugarCRM 6.5.23 - REST PHP Object Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SugarCRM REST Unserialize PHP Code Execution', 'Description' = %q This...

0.2 AI score
Exploits 0
Metasploit
added 2016/09/06 11:58 p.m. | 15 views

SugarCRM REST Unserialize PHP Code Execution

This module exploits a PHP Object Injection vulnerability in SugarCRM CE 'SugarCRM REST Unserialize PHP Code Execution', 'Description' = %q This module exploits a PHP Object Injection vulnerability in SugarCRM CE 'EgiX', 'License' = MSFLICENSE, 'References' = 'URL', 'http...

0.3 AI score
Exploits 0
CNVD
added 2016/09/03 12:0 a.m. | 2 views

PHP 'unserialize()' memory error references remote command execution vulnerability

PHP is an open source general-purpose computer scripting language. PHP 'unserialize' suffers from a memory error referencing a remote command execution vulnerability, which allows an attacker to exploit the vulnerability to execute arbitrary code in the context of a user's affected application,...

7.7 AI score
Exploits 0 | References 1
Hacker One
added 2016/08/19 3:8 a.m. | 18 views

Internet Bug Bounty: wddx_deserialize null dereference with invalid xml

Upstream Bug --- 2016-08-09 02:53 UTC https://bugs.php.net/bug.php?id=72790 Summary -- wddx_deserialize allows unserializing a WDDX packet that usually comes from external input; the PHP interpreter crashes while processing invalid XML input with wddx_deserialize...

7.1 AI score
Exploits 0
Hacker One
added 2016/08/17 6:46 a.m. | 23 views

Internet Bug Bounty: Use After Free Vulnerability in unserialize()

bug report at: https://bugs.php.net/bug.php?id=70436 fix commit at: https://github.com/php/php-src/commit/95d09e4b5e6b84f8340efe03e8e2f9c1380228db Use After Free Vulnerability in unserialize Taoguang Chen - Write Date: 2015.9.6 - Release Date: 2016.8.18 A use-after-free vulnerability was discover...

8 AI score
Exploits 0
appercut
added 2016/08/15 12:0 a.m. | 562 views

Silver Stripe CMS: source code security analysis report

Several vulnerabilities were discovered in SilverStripe Limited 'Silver Stripe CMS' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Incorrect Newlin...

1.9 AI score
Exploits 0 | References 1 | Affected Software 1
Prion
added 2016/08/07 10:59 a.m. | 38 views

Design/Logic Flaw

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash)...

7.5 CVSS | 9.7 AI score | 0.09088 EPSS
Exploits 5 | References 12 | Affected Software 1
Prion
added 2016/08/07 10:59 a.m. | 33 views

Design/Logic Flaw

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted...

7.5 CVSS | 8.3 AI score | 0.15083 EPSS
Exploits 5 | References 12 | Affected Software 4
Cvelist
added 2016/08/07 10:0 a.m. | 29 views

CVE-2016-5771

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted...

9.9 AI score | 0.15083 EPSS
Exploits 5 | References 12
Cvelist
added 2016/08/07 10:0 a.m. | 48 views

CVE-2016-5773

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash)...

9.7 AI score | 0.09088 EPSS
Exploits 5 | References 12
CVE
added 2016/08/07 10:0 a.m. | 335 views

CVE-2016-5773

CVE-2016-5773 affects php_zip.c in the PHP zip extension; PHP versions before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 interact with unserialize and garbage collection, enabling remote attackers to execute arbitrary code or cause a denial of service via crafted serialized data containing...

9.8 CVSS | 8.3 AI score | 0.09088 EPSS
Exploits 5 | References 12 | Affected Software 1
EUVD
added 2016/08/07 10:0 a.m. | 3 views

EUVD-2016-6706

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted...

9.8 CVSS | 8.4 AI score | 0.15083 EPSS
Exploits 5 | References 18
Debian CVE
added 2016/08/07 10:0 a.m. | 42 views

CVE-2016-5771

Removed by vendor...

9.8 CVSS | 7.8 AI score | 0.15083 EPSS
Exploits 5
Debian CVE
added 2016/08/07 10:0 a.m. | 57 views

CVE-2016-5773

Removed by vendor...

9.8 CVSS | 8.9 AI score | 0.09088 EPSS
Exploits 5
CVE
added 2016/08/07 10:0 a.m. | 320 views

CVE-2016-5771

CVE-2016-5771 affects the PHP SPL extension (spl_array.c) in PHP before 5.5.37 and 5.6.x before 5.6.23. The issue arises from how unserialize interacts with garbage collection, enabling remote attackers to trigger a use-after-free and cause a denial of service or potentially execute arbitrary cod...

9.8 CVSS | 8.2 AI score | 0.15083 EPSS
Exploits 5 | References 12 | Affected Software 1
OSV
added 2016/08/02 3:44 p.m. | 0 views

USN-3045-1 php5, php7.0 vulnerabilities

It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2015-4116 ...

9.8 CVSS | 7.2 AI score | 0.50427 EPSS
Exploits 26 | References 26
Tenable Nessus
added 2016/08/02 12:0 a.m. | 65 views

Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)

A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. CVE-2015-8874 An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2 function of PHP's gd extension. A remote attacke...

9.8 CVSS | 7.5 AI score | 0.50427 EPSS
Exploits 11 | References 11
OpenVAS
added 2016/07/29 12:0 a.m. | 69 views

PHP < 5.5.38, 5.6.x < 5.6.24, 7.0.x < 7.0.9 Multiple Vulnerabilities (Jul 2016) - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

9.8 CVSS | 9 AI score | 0.09844 EPSS
Exploits 12 | References 12