1305 matches found

Hacker One
added 2015/08/27 12:0 a.m., 314 views

Internet Bug Bounty: Use After Free Vulnerability in unserialize() with SplObjectStorage

https://bugs.php.net/bug.php?id=70365...

7.5 CVSS | 8.4 AI score | 0.46801 EPSS
Exploits 4
Hacker One
added 2015/08/27 12:0 a.m., 112 views

Internet Bug Bounty: Use After Free Vulnerability in unserialize() with SplDoublyLinkedList

https://bugs.php.net/bug.php?id=70366...

7.5 CVSS | 8.4 AI score | 0.46801 EPSS
Exploits 4
OSV
added 2015/08/27 12:0 a.m., 1 view

UBUNTU-CVE-2015-6832

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field...

7.3 CVSS | 7.5 AI score | 0.05153 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2015/08/18 12:0 a.m., 42 views

FreeBSD : php5 -- multiple vulnerabilities (787ef75e-44da-11e5-93ad-002590263bf5)

The PHP project reports: Core: - Fixed bug 69793 Remotely triggerable stack exhaustion via recursive method calls. - Fixed bug 70121 unserialize could lead to unexpected methods execution / NULL pointer deref. OpenSSL: - Fixed bug 70014 openssl_random_pseudo_bytes is not cryptographically secure...

7.5 CVSS | 8.3 AI score | 0.07057 EPSS
Exploits 0 | References 7
Tenable Nessus
added 2015/08/18 12:0 a.m., 47 views

Amazon Linux AMI : php54 (ALAS-2015-583) (BACKRONYM)

PHP process crashes when processing an invalid file with the 'phar' extension. CVE-2015-5589 As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. CVE-2015-3152 PHP versions before 5.5.27 and 5.4.43 contain buffer...

10 CVSS | 8 AI score | 0.07083 EPSS
Exploits 2 | References 9
Hacker One
added 2015/08/17 12:0 a.m., 13 views

Internet Bug Bounty: Use after free vulnerability in unserialize() with GMP

https://bugs.php.net/bug.php?id=70284...

6.9 AI score
Exploits 0
CNVD
added 2015/08/14 12:0 a.m., 1 view

PHP 'unserialize()' function memory corruption vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and program extensions written in C, C++ and so on. A...

7.3 AI score
Exploits 0 | References 1
Tenable Nessus
added 2015/08/11 12:0 a.m., 5682 views

PHP 5.5.x < 5.5.28 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.28. It is, therefore, affected by multiple vulnerabilities: - Multiple use-after-free errors exist in spl_array.c, spl_observer.c, and spl_dllist.c due to improper sanitization of input to the...

9.8 CVSS | 8.6 AI score | 0.09798 EPSS
Exploits 3 | References 14
0day.today
added 2015/08/10 12:0 a.m., 28 views

PHP SplDoublyLinkedList Use-After-Free Exploit

A use-after-free vulnerability was discovered in unserialize with SplDoublyLinkedList object's deserialization that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Use After Free Vulnerability in unserialize with SplDoublyLinkedList Taoguang Chen - Write Date...

8 AI score
Exploits 0
0day.today
added 2015/08/10 12:0 a.m., 48 views

PHP SPL ArrayObject Use-After-Free Exploit

A use-after-free vulnerability was discovered in unserialize with SPL ArrayObject object's deserialization that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Use After Free Vulnerability in unserialize with SPL ArrayObject Taoguang Chen - Write Date:...

8 AI score
Exploits 0
0day.today
added 2015/08/10 12:0 a.m., 19 views

PHP SplObjectStorage Use-After-Free Exploit

A use-after-free vulnerability was discovered in unserialize with SplObjectStorage object's deserialization that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Use After Free Vulnerability in unserialize with SplObjectStorage Taoguang Chen - Write Date:...

8 AI score
Exploits 0
Packet Storm
added 2015/08/07 12:0 a.m., 24 views

PHP SplObjectStorage Use-After-Free

Use After Free Vulnerability in unserialize with SplObjectStorage Taoguang Chen - Write Date: 2015.7.30 - Release Date: 2015.8.7 A use-after-free vulnerability was discovered in unserialize with SplObjectStorage object's deserialization that can be abused for leaking arbitrary memory blocks or...

7.4 AI score
Exploits 0
Packet Storm
added 2015/08/07 12:0 a.m., 24 views

PHP SPL ArrayObject Use-After-Free

Use After Free Vulnerability in unserialize with SPL ArrayObject Taoguang Chen - Write Date: 2015.7.30 - Release Date: 2015.8.7 A use-after-free vulnerability was discovered in unserialize with SPL ArrayObject object's deserialization that can be abused for leaking arbitrary memory blocks or...

7.4 AI score
Exploits 0
FreeBSD
added 2015/08/06 12:0 a.m., 41 views

php5 -- multiple vulnerabilities

The PHP project reports: Core: Fixed bug 69793 Remotely triggerable stack exhaustion via recursive method calls. Fixed bug 70121 unserialize could lead to unexpected methods execution / NULL pointer deref. OpenSSL: Fixed bug 70014 openssl_random_pseudo_bytes is not cryptographically secure. Phar:...

7.5 CVSS | 8.6 AI score | 0.07057 EPSS
Exploits 0 | References 3
seebug.org
added 2015/08/04 12:0 a.m., 21 views

KPPW latest version: arbitrary user login

Brief description: Only the username and user id are needed to log in as any user. Details: The problem is in lib/inc/kekecoreclass.php function inituser, line 981: elseif $COOKIE 'kekeautologin' $loginInfo = unserialize $COOKIE 'kekeautologin' ; $pwdInfo = explode '|', base64decode $loginInfo 2 ; $uInfo = kekezu::gettabledata '', 'witkeyspace', " username='$pwdInfo2' an...

7.2 AI score
Exploits 0
0day.today
added 2015/07/21 12:0 a.m., 31 views

Chrome ui::AXTree::Unserialize Use-After-Free Exploit

Chrome suffers from a ui::AXTree::Unserialize related use-after-free vulnerability. 1503A - Chrome - ui::AXTree::Unserialize use-after-free CVE-2015-1277 TL;DR After 60 day deadline has passed, I am releasing details on an unfixed use-after-free vulnerability in Chrome's accessibility features,...

7 AI score | 0.01617 EPSS
Exploits 2
RedHat Linux
added 2015/07/09 5:1 p.m., 0 views

php: SoapClient's __call() type confusion through unserialize()

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

7.5 CVSS | 7.4 AI score | 0.12269 EPSS
Exploits 1 | References 4
RedHat Linux
added 2015/07/09 5:1 p.m., 2 views

php: type confusion issue in unserialize() with various SOAP methods

Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to disclose a portion of its memory or crash...

10 CVSS | 7.2 AI score | 0.10526 EPSS
Exploits 5 | References 4
RedHat Linux
added 2015/07/09 5:1 p.m., 2 views

php: type confusion issue in unserialize() with various SOAP methods

Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to disclose a portion of its memory or crash...

10 CVSS | 7.2 AI score | 0.10526 EPSS
Exploits 5 | References 4
RedHat Linux
added 2015/07/09 5:1 p.m., 2 views

php: use after free vulnerability in unserialize() with DateTimeZone

A use-after-free flaw was found in the unserialize function of PHP's DateTimeZone implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory...

7.5 CVSS | 6.6 AI score | 0.41315 EPSS
Exploits 9 | References 4