‘Vulnerabilities’

MOPS-2010-051: PHP unpack() Interruption Information Leak Vulnerability

May 31st, 2010

PHP’s unpack() function can be interrupted and used for information leakage due to call time pass by reference.
(more…)

MOPS-2010-050: PHP preg_match() Interruption Information Leak Vulnerability

May 31st, 2010

PHP’s preg_match() function can be interrupted by an object destructor causing information leaks due to call time pass by reference.
(more…)

MOPS-2010-049: PHP parse_str() Interruption Memory Corruption Vulnerability

May 31st, 2010

PHP’s parse_str() function can be interrupted by deeply nested arrays which can lead to memory corruption and arbitrary code execution.
(more…)

MOPS-2010-048: PHP substr_replace() Interruption Information Leak Vulnerability

May 30th, 2010

PHP’s substr_replace() function can be abused for information leak attacks, because of the call time pass by reference feature.
(more…)

MOPS-2010-047: PHP trim()/ltrim()/rtrim() Interruption Information Leak Vulnerability

May 30th, 2010

PHP’s trim()/ltrim()/rtrim() function can be abused for information leak attacks, because of the call time pass by reference feature.
(more…)

MOPS-2010-046: PHP str_pad() Interruption Information Leak Vulnerability

May 26th, 2010

PHP’s str_pad() function can be abused for information leak attacks, because of the call time pass by reference feature.
(more…)

MOPS-2010-045: PHP str_word_count() Interruption Information Leak Vulnerability

May 26th, 2010

PHP’s str_word_count() function can be abused for information leak attacks, because of the call time pass by reference feature.
(more…)

MOPS-2010-044: PHP wordwrap() Interruption Information Leak Vulnerability

May 26th, 2010

PHP’s wordwrap() function can be abused for information leak attacks, because of the call time pass by reference feature.
(more…)

MOPS-2010-043: PHP strtok() Interruption Information Leak Vulnerability

May 26th, 2010

PHP’s strtok() function can be abused for information leak attacks, because of the call time pass by reference feature.
(more…)

MOPS-2010-042: PHP setcookie() Interruption Information Leak Vulnerability

May 26th, 2010

PHP’s setcookie() function can be abused for information leak attacks, because of the call time pass by reference feature.
(more…)