UBUNTU-CVE-2016-5773

phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...

Internet Bug Bounty: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize

https://bugs.php.net/bug.php?id=72434 This vulnerability was discovered during the auditing of a vendor on Hackerone. Similar to our other submission on bugs.php.net and here, this vulnerability is remotely exploitable. Please feel free to ask for more technical details if necessary. Thank you fo...

Jetpack for WordPress: source code security analysis report

Several vulnerabilities were discovered in Automatic 'Jetpack for WordPress' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in...

Bomgar Remote Support - Code Execution (Metasploit)

Bomgar Remote Support - Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Bomgar Remote Support Unauthenticated Code Execution', 'Description' = %q This...

Bomgar Remote Support Unauthenticated Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Bomgar Remote Support Unauthenticated Code Execution', 'Description' = %q This module exploits a vulnerability in the Bomgar Remote...

Magento 2.0.6 Unserialize Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Magento 2.0.6 Unserialize Remote Code Execution', 'Description' = %q This module exploits a PHP object injection vulnerability ...

Concrete5 CMS: source code security analysis report

Several vulnerabilities were discovered in Portland Labs 'Concrete5 CMS' software: File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in Cryptography HttpOnly Cookies Incorrect Permissions...

Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize -> Arbitrary Write File

Exploit for php platform in category web applications arbitrary write file // Date: 18/05/206 // Exploit Author: agix discovered by NETANEL RUBIN // Vendor Homepage: https://magento.com // Version: /shipping-information // in the response check the payment method it may vary from checkmo // // If...

WordPress CMS: source code security analysis report

Several vulnerabilities were discovered in Wordpress Foundation 'WordPress CMS' software: File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in Cryptography HttpOnly Cookies Incorrect User...

MODX Revolution: source code security analysis report

Several vulnerabilities were discovered in MODX 'MODX Revolution' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random...

Joomla!: source code security analysis report

Several vulnerabilities were discovered in Open Source Matters, Inc. 'Joomla!' software: Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in Cryptography Incorrect Permissions for External Entities During XML...

BigTree 4.2.8 Object Injection / Improper Filename Sanitization

Security Advisory - Curesec Research Team 1. Introduction Affected Product: BigTree 4.2.8 Fixed in: BigTree 4.2.9 Fixed Version Link: https://www.bigtreecms.org/download/ Vendor Website: https://www.bigtreecms.org/ Vulnerability Type: Object Injection & Improper Filename Sanitation Remote...

Amazon Linux AMI : php54 (ALAS-2016-670)

A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language XSL transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT...

php: SOAP serialize_function_call() type confusion

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

php: Use After Free Vulnerability in unserialize()

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

Multiple vulnerabilities in extension "Fe user statistic" (festat)

It has been discovered that the extension "Fe user statistic" festat is susceptible to Cross-Site Scripting, Insecure Unserialize and Information Disclosure. Release Date: March 03, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affecte...

DOKEOS SSO Authentication Bypass Vulnerability

Dokeos is an open source online education and course management system. A security vulnerability exists in DOKEOS. The vulnerability is caused by a variable type obfuscation error when comparing passwords to unserializable strings during authentication, SSO authentication is not possible...

Internet Bug Bounty: Use-after-free vulnerability in SPL(SplObjectStorage, unserialize)

https://bugs.php.net/bug.php?id=71313...

Internet Bug Bounty: Use-after-free vulnerability in SPL(ArrayObject, unserialize)

https://bugs.php.net/bug.php?id=71311...

CVE-2015-6832

CVE-2015-6832 is a use-after-free vulnerability in the SPL unserialize path (ext/spl/spl_array.c) of PHP. A crafted serialized payload can trigger misuse of an array field, allowing remote attackers to execute arbitrary code. Affected PHP versions: before 5.4.44, 5.5.x before 5.5.28, and 5.6.x be...