[FD] GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability]

2017-01-22 Thread Taoguang Chen
#GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability] Taoguang Chen <[@chtg57](https://twitter.com/chtg57)> - Write Date: 2015.4.28 - Release Date: 2017.1.20 > A type-confusion vulnerability was discovered in GMP deserialization with > crafted ob

Re: [FD] Use After Free Vulnerabilities in unserialize()

2015-09-07 Thread Taoguang Chen
Update affected versions: Affected Versions Affected is PHP 5.6 < 5.6.13 Affected is PHP 5.5 < 5.5.29 Affected is PHP 5.4 < 5.4.45 2015-09-05 10:08 GMT+08:00 Taoguang Chen : > #Use After Free Vulnerabilities in unserialize() > > Taoguang Chen <[@chtg](h

[FD] Yet Another Use After Free Vulnerability in unserialize() with SplDoublyLinkedList

2015-09-07 Thread Taoguang Chen
#Yet Another Use After Free Vulnerability in unserialize() with SplDoublyLinkedList Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.8.27 - Release Date: 2015.9.4 > A use-after-free vulnerability was discovered in unserialize() with > SplDoublyLinkedL

[FD] Yet Another Use After Free Vulnerability in unserialize() with SplObjectStorage

2015-09-07 Thread Taoguang Chen
#Yet Another Use After Free Vulnerability in unserialize() with SplObjectStorage Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.8.27 - Release Date: 2015.9.4 > A use-after-free vulnerability was discovered in unserialize() with > SplObjectStorage object's de

[FD] Use After Free Vulnerability in unserialize() with GMP

2015-09-07 Thread Taoguang Chen
#Use After Free Vulnerability in unserialize() with GMP Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.8.17 - Release Date: 2015.9.4 > A use-after-free vulnerability was discovered in unserialize() with GMP > object's deserialization that can be abused for

[FD] Use After Free Vulnerabilities in Session Deserializer

2015-09-07 Thread Taoguang Chen
#Use After Free Vulnerabilities in Session Deserializer Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.8.9 - Release Date: 2015.9.4 > Multiple use-after-free vulnerabilities were discovered in session > deserializer (php/php_binary/php_serialize) that can b

[FD] Use After Free Vulnerabilities in unserialize()

2015-09-07 Thread Taoguang Chen
#Use After Free Vulnerabilities in unserialize() Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.7.31 - Release Date: 2015.9.4 > Multiple use-after-free vulnerabilities were discovered in unserialize() with > Serializable class that can be abused for leaking arbi

[FD] Use After Free Vulnerability in unserialize() with SplObjectStorage

2015-08-07 Thread Taoguang Chen
#Use After Free Vulnerability in unserialize() with SplObjectStorage Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.7.30 - Release Date: 2015.8.7 > A use-after-free vulnerability was discovered in unserialize() with > SplObjectStorage object's deserializ

[FD] Use After Free Vulnerability in unserialize() with SplDoublyLinkedList

2015-08-07 Thread Taoguang Chen
#Use After Free Vulnerability in unserialize() with SplDoublyLinkedList Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.7.30 - Release Date: 2015.8.7 > A use-after-free vulnerability was discovered in unserialize() with > SplDoublyLinkedList object's deseria

[FD] Use After Free Vulnerability in unserialize() with SPL ArrayObject

2015-08-07 Thread Taoguang Chen
#Use After Free Vulnerability in unserialize() with SPL ArrayObject Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.7.30 - Release Date: 2015.8.7 > A use-after-free vulnerability was discovered in unserialize() with SPL > ArrayObject object's deserializ

[FD] Type Confusion Infoleak and Heap Overflow Vulnerability in unserialize() with exception

2015-04-29 Thread Taoguang Chen
# Type Confusion Infoleak and Heap Overflow Vulnerability in unserialize() with exception Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.3.3 - Release Date: 2015.4.28 > A type confusion vulnerability was discovered in exception object's > __toString()

[FD] Type Confusion Infoleak Vulnerability in unserialize() with SoapFault

2015-04-29 Thread Taoguang Chen
# Type Confusion Infoleak Vulnerability in unserialize() with SoapFault Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.3.1 - Release Date: 2015.4.28 > A type confusion vulnerability was discovered in unserialize() with SoapFault > object's __toString() magi

[FD] Use After Free Vulnerability in unserialize()

2015-03-20 Thread Taoguang Chen
#Use After Free Vulnerability in unserialize() Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.2.3 - Release Date: 2015.3.20 > A use-after-free vulnerability was discovered in unserialize() with a > specially defined object's __wakeup() magic method that

[FD] Use After Free Vulnerability in unserialize() with DateInterval

2015-03-20 Thread Taoguang Chen
#Use After Free Vulnerability in unserialize() with DateInterval Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.2.28 - Release Date: 2015.3.20 > A use-after-free vulnerability was discovered in unserialize() with > DateInterval object's __wakeup() magic m

[FD] Type Confusion Vulnerability in SoapClient

2015-03-20 Thread Taoguang Chen
# Type Confusion Vulnerability in SoapClient Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.3.1 - Release Date: 2015.3.20 > A type confusion vulnerability was discovered in SoapClient object's > __getCookies() method that can be abused for leaking arbitr

[FD] Type Confusion Infoleak Vulnerabilities in SoapClient

2015-03-20 Thread Taoguang Chen
# Type Confusion Infoleak Vulnerabilities in SoapClient Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.3.1 - Release Date: 2015.3.20 > Four type confusion vulnerabilities were discovered in SoapClient object's > some methods that can be abused for leaking

[FD] Type Confusion Infoleak Vulnerability in unserialize() with DateTimeZone

2015-02-21 Thread Taoguang Chen
#Type Confusion Infoleak Vulnerability in unserialize() with DateTimeZone Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.1.29 - Release Date: 2015.2.20 > A Type Confusion Vulnerability was discovered in unserialize() with > DateTimeZone object's __wakeup()

[FD] Use After Free Vulnerability in unserialize() with DateTime* [CVE-2015-0273]

2015-02-21 Thread Taoguang Chen
#Use After Free Vulnerability in unserialize() with DateTime* [CVE-2015-0273] Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.1.29 - Release Date: 2015.2.20 > A use-after-free vulnerability was discovered in unserialize() with > DateTime/DateTimeZone/DateInterva

[FD] phpBB <= 3.1.1 deregister_globals() Function Bypass

2014-11-25 Thread Taoguang Chen
When PHP's register_globals configuration directive is set on, phpBB will call the deregister_globals() function, and all global variables registered by PHP will be destroyed. But the deregister_globals() function can be bypassed. ``` $input = array_merge( array_keys($_GET), array_keys($_POST), array_keys($_CO

[FD] MyBB <= 1.8.2 unset_globals() Function Bypass and Remote Code Execution Vulnerability

2014-11-25 Thread Taoguang Chen
#MyBB <= 1.8.2 unset_globals() Function Bypass and Remote Code Execution Vulnerability Taoguang Chen <[@chtg57](twitter.com/chtg57)> - 2014.11.21 > MyBB's unset_globals() function can be bypassed under special conditions and > it is possible to allow remote code exe