14 matches found
EUVD-2016-8010
Malware in sbrugna...
Use After Free
PHP is vulnerable to use after free vulnerability. The vulnerability exists in the wddxstackdestroy function in ext/wddx/wddx.c in PHP. Remote attackers could cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset...
Out-Of-Bounds Read
PHP is vulnerable to out-of-bounds read attacks. This exists in the phpwddxpushelement function in ext/wddx/wddx.c which allows remote attackers to cause a denial of service or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...
Null pointer dereference
The phpwddxpopelement function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a...
CVE-2016-9934
CVE-2016-9934 affects PHP’s WDDX extension (ext/wddx/wddx.c) in PHP before 5.6.28 and 7.x before 7.0.13, allowing remote attackers to cause a denial of service via crafted serialized data in a wddxPacket XML document (demonstrated by a PDORow string). Connected advisories corroborate the issue ac...
CVE-2016-9935
The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service out-of-bounds read and memory corruption or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...
CVE-2016-7413
Use-after-free vulnerability in the wddxstackdestroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field...
CVE-2016-7418
The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service invalid pointer access and out-of-bounds read or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document,...
CVE-2016-7418
The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service invalid pointer access and out-of-bounds read or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document,...
CVE-2016-7132
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddxdeserialize call, as...
CVE-2016-7132
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddxdeserialize call, as...
CVE-2016-7130
The phpwddxpopelement function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a...
CVE-2016-7130
Removed by vendor...
CVE-2016-7132
CVE-2016-7132 affects PHP’s WDDX extension: ext/wddx/wddx.c mishandles a crafted wddxPacket XML document in wddx_deserialize, allowing denial of service via NULL pointer dereference and potential other impact. Affected versions are PHP before 5.6.25 and before 7.0.10; fixed in PHP 5.6.25 and PHP ...