‘Vulnerabilities’

MOPS-2010-061: PHP SplObjectStorage Deserialization Use-After-Free Vulnerability

June 25th, 2010

A use-after-free vulnerability was discovered in the deserialization of SplObjectStorage objects that can be abused to leak arbitrary memory blocks or to execute arbitrary code remotely.

MOPS-2010-060: PHP Session Serializer Session Data Injection Vulnerability

May 31st, 2010

PHP’s default session serializer wrongly handles the PS_UNDEF_MARKER character

MOPS-2010-059: PHP php_mysqlnd_auth_write() Stack Buffer Overflow Vulnerability

May 31st, 2010

PHP’s php_mysqlnd_auth_write() does not check user-supplied values, which can result in a stack-based buffer overflow.

MOPS-2010-058: PHP php_mysqlnd_read_error_from_line() Buffer Overflow Vulnerability

May 31st, 2010

PHP’s php_mysqlnd_read_error_from_line() trusts network data, which can result in a heap-based buffer overflow.

MOPS-2010-057: PHP php_mysqlnd_rset_header_read() Buffer Overflow Vulnerability

May 31st, 2010

PHP’s php_mysqlnd_rset_header_read() trusts network data, which can result in a heap-based buffer overflow.

MOPS-2010-056: PHP php_mysqlnd_ok_read() Information Leak Vulnerability

May 31st, 2010

PHP’s php_mysqlnd_ok_read() trusts network data, which can result in a heap information leak.

MOPS-2010-055: PHP ArrayObject::uasort() Interruption Memory Corruption Vulnerability

May 31st, 2010

PHP’s ArrayObject::uasort() method can be interrupted and used for memory corruption attacks.

MOPS-2010-054: PHP ZEND_CONCAT/ZEND_ASSIGN_CONCAT Opcode Interruption Information Leak and Memory Corruption Vulnerability

May 31st, 2010

PHP’s ZEND_CONCAT/ZEND_ASSIGN_CONCAT opcodes can be abused for information leakage or memory corruption by a userspace error handler interruption attack. This can be leveraged to execute arbitrary code.

MOPS-2010-053: PHP ZEND_FETCH_RW Opcode Interruption Information Leak Vulnerability

May 31st, 2010

PHP’s ZEND_FETCH_RW opcode can be abused for information leakage by a userspace error handler interruption attack.

MOPS-2010-052: PHP pack() Interruption Information Leak Vulnerability

May 31st, 2010

PHP’s pack() function can be interrupted and used for information leakage due to call-time pass-by-reference.