Stanislav Malyshev

5 exploits, active since Jan 2017
CVE-2016-7480 WRITEUP CRITICAL
PHP < 7.0.11 - Memory Corruption
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.
CVSS 9.8
CVE-2016-9934 WRITEUP HIGH
PHP < 5.6.27 - NULL Pointer Dereference
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.
CVSS 7.5
CVE-2016-9935 WRITEUP CRITICAL
PHP < 5.6.28 - Out-of-Bounds Read
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.
CVSS 9.8
CVE-2017-5340 WRITEUP CRITICAL
PHP <7.0.15 & 7.1.x <7.1.1 - RCE
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
CVSS 9.8
CVE-2018-17082 WRITEUP MEDIUM
PHP <5.6.38, <7.0.32, <7.1.22, <7.2.10 - XSS
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.
CVSS 6.1