1305 matches found
CVE-2015-6832
CVE-2015-6832 is a use-after-free vulnerability in the SPL unserialize path (ext/spl/spl_array.c) of PHP. A crafted serialized payload can trigger misuse of an array field, allowing remote attackers to execute arbitrary code. Affected PHP versions: before 5.4.44, 5.5.x before 5.5.28, and 5.6.x be...
SSO Authentication Bypass and Website Takeover in DOKEOS
High-Tech Bridge Security Research Lab discovered a high-risk vulnerability in a popular e-learning software DOKEOS. A remote unauthenticated attacker can bypass authentication process and login to the vulnerable website with an arbitrary account including administrator's one. Successful...
Joomla 3.4.6 版本 unserialize 使用不当导致的代码执行
No description provided by source...
PHP process_nested_data 函数释放后重用漏洞
A while ago the function "processnesteddata" was changed to better handle object properties. Before it was possible to create numeric object properties which would cause trouble down the road. So the following code was added: if !objprops ... else / object properties should include no integers /...
Immunity Canvas: JOOMLA_SESSION_UNSERIALIZE
Name| joomlasessionunserialize ---|--- CVE| CVE-2015-8562 Exploit Pack| CANVAS Description| Joomla session unserialize 1.5 to 3.4.5 Notes| Repeatability: Infinite VENDOR: Joomla CVE Url: https://vulners.com/cve/CVE-2015-8562 CVE Name: CVE-2015-8562...
IBM WebSphere Application Server RCE Vulnerability (Nov 2015) - Version Check
IBM WebSphere Application Server is prone to a remote code execution RCE vulnerability in Apache Commons Collections. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
vBulletin 5.1.2 Unserialize Code Execution
This module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.1.2 Unserialize Code Execution', 'Description' ...
Apache Commons Collections Unserialize Java Vulnerability
For close to 10 months, a critical vulnerability in a library found in most Java rollouts has been twisting in the wind, unpatched, and until this week without proof-of-concept exploits that people paid attention to. Two researchers with NTT Com Security changed that dynamic last week when they...
[SECURITY] [DLA 341-1] php5 security update
Package : php5 Version : 5.3.3.1-7+squeeze28 CVE ID : CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 CVE-2015-7803 CVE-2015-7804 CVE-2015-6831 Use after free vulnerability was found in unserialize function. We can create ZVAL and free it via...
vBulletin 5.x.x 远程任意代码执行漏洞
unserialize 实战之 vBulletin 5.x.x 远程代码执行 --- Author: RickGray 知道创宇404安全实验室 近日,vBulletin 的一枚 RCE 利用和简要的分析被曝光,产生漏洞的原因源于 vBulletin 程序在处理 Ajax API 调用的时候,使用 unserialize 对传递的参数值进行了反序列化操作,导致攻击者使用精心构造出的 Payload 直接导致代码执行。关于 PHP 中反序列化漏洞的问题可以参考 OWASP 的《PHP Object Injection》。 使用 原文 提供的 Payload 可以直接在受影响的站点上执行...
PHP yaml_parse_url Double Free Vulnerability
The yaml parsing functions suffers from an exploitable double free caused by the error path for the phpvarunserialize call on line 797 of pecl/fileformats/yaml.git/parse.c. Title: PHP yamlparseurl Double Free Credit: John Leitch email protected Url1:...
SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1818-1)
This update of PHP5 brings several security fixes. Security fixes : - CVE-2015-6831: A use after free vulnerability in unserialize has been fixed which could be used to crash php or potentially execute code. bnc942291 bnc942294 bnc942295 - CVE-2015-6836: A SOAP serializefunctioncall type confusio...
Amazon Linux AMI : php56 (ALAS-2015-601)
As reported upstream, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. CVE-2015-7803 A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the...
Medium: php55
Issue Overview: As reported upstream https://bugs.php.net/bug.php?id=69720, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. CVE-2015-7803 A flaw was discovered in the way PHP performed object...
By PHP deserialization remote code execution-vulnerability warning-the black bar safety net
In the NotSoSecure, we will conduct penetration testing or code review, but recently we came across an interesting PHP code, which could lead to remote code execution RCE)vulnerabilities, but its use was a bit tricky. Experienced a few trying to crack this Code of sleepless nights, we are convinc...
openSUSE Security Update : php5 (openSUSE-2015-609)
The PHP5 script interpreter was updated to fix various security issues : - CVE-2015-6831: A use after free vulnerability in unserialize has been fixed which could be used to crash php or potentially execute code. bnc942291 bnc942294 bnc942295 - CVE-2015-6832: A dangling pointer in the...
Security update for php5 (important)
The PHP5 script interpreter was updated to fix various security issues: CVE-2015-6831: A use after free vulnerability in unserialize has been fixed which could be used to crash php or potentially execute code. bnc942291 bnc942294 bnc942295 CVE-2015-6832: A dangling pointer in the unserialization ...
PHP 'php_var_unserialize()' function code execution vulnerability
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A code execution vulnerability exists in PHP. An attacker could exploit this vulnerability to execute arbitrary code, which could also result in...
Internet Bug Bounty: Integer overflow in unserialize() (32-bits only)
https://bugs.php.net/bug.php?id=68044...
Multiple Remote Code Execution Vulnerabilities in PHP
PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. PHP has multiple remote code execution vulnerabilities in the unserialize function, which can be exploited by an attacker to execute arbitrary code...