1305 matches found
PHP DateTime - Use-After-Free
PHP DateTime - Use-After-Free Use After Free Vulnerability in unserialize with DateTime CVE-2015-0273 Taoguang Chen - Write Date: 2015.1.29 - Release Date: 2015.2.20 A use-after-free vulnerability was discovered in unserialize with DateTime/DateTimeZone/DateInterval/DatePeriod objects's wakeup...
PHP DateTime - Use-After-Free
Use After Free Vulnerability in unserialize with DateTime CVE-2015-0273 Taoguang Chen - Write Date: 2015.1.29 - Release Date: 2015.2.20 A use-after-free vulnerability was discovered in unserialize with DateTime/DateTimeZone/DateInterval/DatePeriod objects's wakeup magic method that can be abused...
PHP DateTime Use After Free Vulnerability
Exploit for php platform in category dos / poc Use After Free Vulnerability in unserialize with DateTime CVE-2015-0273 Taoguang Chen - Write Date: 2015.1.29 - Release Date: 2015.2.20 A use-after-free vulnerability was discovered in unserialize with DateTime/DateTimeZone/DateInterval/DatePeriod...
PHP DateTime Use-After-Free
Use After Free Vulnerability in unserialize with DateTime CVE-2015-0273 Taoguang Chen - Write Date: 2015.1.29 - Release Date: 2015.2.20 A use-after-free vulnerability was discovered in unserialize with DateTime/DateTimeZone/DateInterval/DatePeriod objects's wakeup magic method that can be abused...
PHP DateTimeZone Type Confusion Infoleak
Type Confusion Infoleak Vulnerability in unserialize with DateTimeZone Taoguang Chen - Write Date: 2015.1.29 - Release Date: 2015.2.20 A Type Confusion Vulnerability was discovered in unserialize with DateTimeZone object's wakeup magic method that can be abused for leaking arbitrary memory blocks...
Internet Bug Bounty: SoapClient's __call() type confusion through unserialize()
https://bugs.php.net/bug.php?id=69085 Description: ------------ SoapClient's call method is prone to a type confusion vulnerability which can be used to gain remote code execution through unsafe unserialize calls. In soap.c:2906 if zendhashfindZOBJPROPPthisptr, "defaultheaders",...
php5 -- multiple vulnerabilities
The PHP Project reports: Use after free vulnerability in unserialize with DateTimeZone. Mitigation for CVE-2015-0235 -- GHOST: glibc gethostbyname buffer overflow...
PHP Core Unserialize Key Name Code Execution (CVE-2015-0231)
A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical number key names within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialized data to ...
Amazon Linux AMI : php54 (ALAS-2015-475)
sapi/cgi/cgimain.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a character and lacks a newline character, whi...
Amazon Linux AMI : php55 (ALAS-2015-474)
sapi/cgi/cgimain.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a character and lacks a newline character, whi...
PHP Core unserialize process nested data Use After Free (CVE-2014-8142)
A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical keys within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialized data to a web...
Internet Bug Bounty: Use After Free Vulnerability in unserialize()
Use After Free Vulnerability in unserialize Taoguang Chen - Write Date: 2015.2.3 - Release Date: 2015.3.20 A use-after-free vulnerability was discovered in unserialize with a specially defined object's wakeup magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary...
CVE-2015-0231
Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate...
Design/Logic Flaw
Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate...
CVE-2015-0231
Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate...
CVE-2015-0231
CVE-2015-0231 is a use-after-free in PHP’s unserialize handling of serialized objects with identical numeric keys within process_nested_data (ext/standard/var_unserializer.re). Affects PHP releases up to 5.4.37, 5.5.x up to 5.5.21, and 5.6.x up to 5.6.5; remote attackers could trigger arbitrary c...
CVE-2015-0231
Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate...
UBUNTU-CVE-2015-0231
Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate...
MyBB < 1.8.3 / 1.6.16 Multiple Vulnerabilities
Binary data 8612.prm...
magento1. 9. 0. 1 PHP object injection analysis-vulnerability warning-the black bar safety net
Original: https://websec.wordpress.com/2014/12/08/magento-1-9-0-1-poi/ The use of unserializefunction to cause code execution vulnerability not new things, but in this article are a few of the more interesting use of points or that technique, although not a common technique, but the idea was good...