exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2015-1351

Status Candidate

Overview

Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Related Files

Gentoo Linux Security Advisory 201606-10
Posted Jun 19, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201606-10 - Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 5.6.19 are affected.

tags | advisory, denial of service, arbitrary, php, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2013-6501, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0273, CVE-2015-1351, CVE-2015-1352, CVE-2015-2301, CVE-2015-2348, CVE-2015-2783, CVE-2015-2787, CVE-2015-3329, CVE-2015-3330, CVE-2015-4021, CVE-2015-4022, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148, CVE-2015-4642, CVE-2015-4643, CVE-2015-4644, CVE-2015-6831, CVE-2015-6832, CVE-2015-6833, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836
SHA-256 | 11f795a7de85515d82acb7e31ed076476df493af2eac39961d98ae5a569b9c65
Apple Security Advisory 2015-09-30-03
Posted Oct 1, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-09-30-03 - OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2013-3951, CVE-2014-2532, CVE-2014-3618, CVE-2014-6277, CVE-2014-7186, CVE-2014-7187, CVE-2014-8080, CVE-2014-8090, CVE-2014-8146, CVE-2014-8147, CVE-2014-8611, CVE-2014-9425, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0235, CVE-2015-0273, CVE-2015-0286, CVE-2015-0287, CVE-2015-1351, CVE-2015-1352, CVE-2015-1855, CVE-2015-2301, CVE-2015-2305, CVE-2015-2331
SHA-256 | 7a0709c784a5d4fb9ea404af89915bb4719339d731eebc17ca1e750e0b02747c
Red Hat Security Advisory 2015-1066-01
Posted Jun 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1066-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to upstream version 5.4.40, which provides a number of bug fixes over the version shipped in Red Hat Software Collections 1.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2014-8142, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-1351, CVE-2015-2301, CVE-2015-2305, CVE-2015-2348, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148
SHA-256 | 737b0fc8464520a03cda25d1868c5e45d2eda21dfbca75a7f5d7a523dcde4ef1
Red Hat Security Advisory 2015-1053-01
Posted Jun 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1053-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to upstream version 5.5.21, which provides multiple bug fixes over the version shipped in Red Hat Software Collections 1.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2014-8142, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-1351, CVE-2015-1352, CVE-2015-2301, CVE-2015-2305, CVE-2015-2348, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148
SHA-256 | 277990d32ba3a0e77323741d4d5dd06eb3a124cd7bc3d266dc530c4f8981c0ba
Slackware Security Advisory - php Updates
Posted Apr 22, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2014-9709, CVE-2015-0231, CVE-2015-1351, CVE-2015-1352, CVE-2015-2301, CVE-2015-2305, CVE-2015-2331, CVE-2015-2783, CVE-2015-3330
SHA-256 | 99ad1abcd26dab08695811257c2998e0a30dd4949338dc99aae75015340fafe9
Mandriva Linux Security Advisory 2015-079
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-079 - S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Taoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled memory in the phar extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or, possibly, execute arbitrary code. It was discovered that the PHP opcache component incorrectly handled memory. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. The updated php packages have been patched and upgraded to the 5.5.23 version which is not vulnerable to these issues. The libzip packages has been patched to address the flaw. Additionally the php-xdebug package has been upgraded to the latest 2.3.2 and the PECL packages which requires so has been rebuilt for php-5.5.23.

tags | advisory, remote, denial of service, overflow, arbitrary, php
systems | linux, mandriva
advisories | CVE-2014-9705, CVE-2015-0231, CVE-2015-0273, CVE-2015-1351, CVE-2015-1352, CVE-2015-2301, CVE-2015-2331
SHA-256 | 3184b9fd75ffbff99ea94fcbd90151aa715a8f0d53806bdb4d6220ec2e38e281
Ubuntu Security Notice USN-2501-1
Posted Feb 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2501-1 - Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2015-0231) Brian Carpenter discovered that the PHP CGI component incorrectly handled invalid files. A local attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, local, cgi, php
systems | linux, ubuntu
advisories | CVE-2014-8142, CVE-2014-9427, CVE-2014-9652, CVE-2015-0231, CVE-2015-0232, CVE-2015-1351, CVE-2015-1352
SHA-256 | 87581be317b7551f9d11aa00fc90c8ccbf8b821794084bfafde6b9df107ac894
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    0 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close