26 matches found
SUSE CVE-2016-3141
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service memory corruption and application crash or possibly have unspecified other impact by triggering a wddxdeserialize call on XML data...
SUSE CVE-2016-5772
Double free vulnerability in the phpwddxprocessdata function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted XML data that is...
The vulnerability of the ext/wddx/wddx.c component of the PHP interpreter allows a attacker to cause a service failure.
The vulnerability of the ext/wddx/wddx.c component of the PHP interpreter is related to the assignment of a null pointer. Exploiting this vulnerability can allow an attacker to cause a service failure by using specially created serialized data in an XML document called wddxPacket...
PHP 'ext/wddx/wddx.c' Denial of Service Vulnerability
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. PHP...
PHP 'ext/wddx/wddx.c' Null Pointer Reference Remote Denial of Service Vulnerability
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A nu...
Internet Bug Bounty: Invalid read when wddx decodes empty boolean element
Description ----------- I have found some vulnerable code in wddx extension. The trouble happens when trying to process 'boolean' tag. If I open tag without data, new stentry item WILL NOT be pushed into stack. When tag is closed and stack-top is greater than 1, stentry item at top of stack WILL ...
php: Double Free Corruption in wddx_deserialize
Double free vulnerability in the phpwddxprocessdata function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted XML data that is...
PHP 'ext/wddx/wddx.c' Denial of Service Vulnerability
PHP is an open source general-purpose computer scripting language. The PHP 'ext/wddx/wddx.c' denial of service vulnerability allows attackers to exploit the vulnerability to crash an application, causing a denial of service...
CVE-2016-5772
Double free vulnerability in the phpwddxprocessdata function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted XML data that is...
CVE-2016-5772
Double free vulnerability in the phpwddxprocessdata function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted XML data that is...
CVE-2016-5772
Double free vulnerability in the phpwddxprocessdata function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted XML data that is...
CVE-2016-5772
Removed by vendor...
CVE-2016-5772
Double free vulnerability in the phpwddxprocessdata function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted XML data that is...
UBUNTU-CVE-2016-5772
Double free vulnerability in the phpwddxprocessdata function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted XML data that is...
Ubuntu 15.10 : php5 regression (USN-2952-2)
USN-2952-1 fixed vulnerabilities in PHP. One of the backported patches caused a regression in the PHP Soap client. This update fixes the problem. We apologize for the inconvenience. It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A...
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2952-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2952-1 advisory. It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this...
USN-2952-1 php5 vulnerabilities
It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. CVE-2014-9767 It was discovered that the PHP Soap client incorrectly validated data types. A remote...
PHP WDDX Extension wddx.c Buffer Overflow Vulnerability
PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community.PHAR is one of the archived extensions. A buffer overflow vulnerability exists in the wddx.c file in PHP's WDDX extension. A remote attacker could send a wddxdeserialize cal...
Design/Logic Flaw
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service memory corruption and application crash or possibly have unspecified other impact by triggering a wddxdeserialize call on XML data...
CVE-2016-3141
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service memory corruption and application crash or possibly have unspecified other impact by triggering a wddxdeserialize call on XML data...