Taoguang Chen

8 exploits Active since Mar 2015
EIP-2026-109698 EXPLOITDB WORKING POC
MyBB 1.8.2 - 'unset_globals()' Function Bypass / Remote Code Execution
EIP-2026-109704 EXPLOITDB WORKING POC
MyBB < 1.8.3 (with PHP 5.6 < 5.6.11) - Remote Code Execution
CVE-2015-6834 EXPLOITDB CRITICAL text WORKING POC
PHP < 5.4.44 - Use After Free
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.
CVSS 9.8
CVE-2015-0273 EXPLOITDB text WORKING POC
PHP < 5.4.37 - Use After Free
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.
EIP-2026-104664 EXPLOITDB text WORKING POC
PHP 5.4/5.5/5.6 - 'Unserialize()' Use-After-Free
CVE-2015-6835 EXPLOITDB CRITICAL text WORKING POC
Joomla HTTP Header Unauthenticated Remote Code Execution
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.
CVSS 9.8
EIP-2026-104672 EXPLOITDB text WORKING POC
PHP GMP - 'unserialize()' Use-After-Free
CVE-2015-6834 EXPLOITDB CRITICAL text WORKING POC
PHP < 5.4.44 - Use After Free
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.
CVSS 9.8