exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files from Taoguang Chen

Email addresstaoguangchen at gmail.com
First Active2014-11-26
Last Active2017-01-22
PHP 5.6.x / MyBB 1.8.3 Remote Code Execution
Posted Jan 22, 2017
Authored by Taoguang Chen

MyBB versions 1.8.3 and below alongside PHP versions prior to 5.6.30 suffer from a GMP deserialization type confusion vulnerability.

tags | exploit, php
SHA-256 | 6f585bd28b4ea52da08b574068875a55d67f3ea3d0050fa7544f4931f043f728
PHP 5.6 / 5.5 / 5.4 SplDoublyLinkedList Use-After-Free
Posted Sep 7, 2015
Authored by Taoguang Chen

A use-after-free vulnerability was discovered in unserialize() with SplDoublyLinkedList object's deserialization and crafted object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected are PHP versions 5.6.12 and below, 5.5.28 and below, and 5.4.44 and below.

tags | exploit, arbitrary, php
SHA-256 | 7068d7798e322a46c2e69230045e711ecf86cbeed6a1aeb9c0bfd3cc11b7c949
PHP 5.6 GMP unserialize() Use-After-Free
Posted Sep 7, 2015
Authored by Taoguang Chen

A use-after-free vulnerability was discovered in unserialize() with GMP object's deserialization that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected are PHP versions prior to 5.6.13.

tags | exploit, arbitrary, php
SHA-256 | 78b8814f488debb34e76681ef84991ebba8a99b93c4858fce8dfddcbc8a3470b
PHP 5.6 / 5.5 / 5.4 Session Deserialized Use-After-Free
Posted Sep 7, 2015
Authored by Taoguang Chen

Multiple use-after-free vulnerabilities were discovered in session deserializer (php/php_binary/php_serialize) that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected are PHP versions 5.6.12 and below, 5.5.28 and below, and 5.4.44 and below.

tags | exploit, arbitrary, php, vulnerability
SHA-256 | 379922b40d47340abc8e7b18eb526b13f875829b3cc5a5eb48390af82be079ec
PHP 5.6 / 5.5 / 5.4 SplOnjectStorage unserialize() Use-After-Free
Posted Sep 7, 2015
Authored by Taoguang Chen

A use-after-free vulnerability was discovered in unserialize() with SplObjectStorage object's deserialization and crafted object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected are PHP versions prior to 5.6.13.

tags | exploit, arbitrary, php
SHA-256 | 4fd5caf7c4dcacd754676a3cbc4212c2832b480514c1f218168a70d4dc9d6079
PHP 5.6 / 5.5 / 5.4 unserialize() Use-After-Free
Posted Sep 7, 2015
Authored by Taoguang Chen

Multiple use-after-free vulnerabilities were discovered in unserialize() with Serializable class that can be abused for leaking arbitrary memory blocks or for executing arbitrary code remotely. Affected are PHP versions 5.6.12 and below, 5.5.28 and below, and 5.4.44 and below.

tags | exploit, arbitrary, php, vulnerability
SHA-256 | 77d34f5cfa55e4abcf2086a401126827fa0bf5ae4047ceeb353c35148cd1c48c
PHP SplDoublyLinkedList Use-After-Free
Posted Aug 7, 2015
Authored by Taoguang Chen

A use-after-free vulnerability was discovered in unserialize() with SplDoublyLinkedList object's deserialization that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely.

tags | exploit, arbitrary
SHA-256 | 0871a6862315dddb4b458e935baa1d9975da14b6a2a6fe621eb91c225e281bb8
PHP SplObjectStorage Use-After-Free
Posted Aug 7, 2015
Authored by Taoguang Chen

A use-after-free vulnerability was discovered in unserialize() with SplObjectStorage object's deserialization that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely.

tags | exploit, arbitrary
SHA-256 | 671f2a7c738b31dc6a03417ab29ce95089173d2f3c6b80d8f3156839a758dae5
PHP SPL ArrayObject Use-After-Free
Posted Aug 7, 2015
Authored by Taoguang Chen

A use-after-free vulnerability was discovered in unserialize() with SPL ArrayObject object's deserialization that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely.

tags | exploit, arbitrary
SHA-256 | bdc3dd33954af63076460ec415aa1687a2a7bb0690e51d14cc41bd321bce45d0
PHP Exception Type Confusion / Heap Overflow
Posted Apr 29, 2015
Authored by Taoguang Chen

A type confusion vulnerability was discovered in exception object's __toString()/getTraceAsString() method that can be abused for leaking arbitrary memory blocks or heap overflow.

tags | exploit, overflow, arbitrary
SHA-256 | b3a8329c29d10dca9d7ddc4c0f46af58e29999c11da31e6009cf9c41975e1db6
PHP SoapFault Type Confusion
Posted Apr 29, 2015
Authored by Taoguang Chen

A type confusion vulnerability was discovered in unserialize() with SoapFault object's __toString() magic method that can be abused for leaking arbitrary memory blocks.

tags | exploit, arbitrary
SHA-256 | 628689009bd04f420924af79082ba1d3c89d666f96215bfa8944020190c85c15
PHP unserialize() Use-After-Free
Posted Mar 22, 2015
Authored by Taoguang Chen

A use-after-free vulnerability was discovered in unserialize() with a specially defined object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary code.

tags | exploit, arbitrary
SHA-256 | 0d7d8aafb8d2a37309dece6abe0be384cb2777387f609c40b05070f50d8937ad
PHP SoapClient Type Confusion Information Leak
Posted Mar 21, 2015
Authored by Taoguang Chen

PHP SoapClient in various PHP versions suffers from a type confusion that allows for information leakage.

tags | advisory, php
SHA-256 | e966d500ed0d4194c51186062d3c39579e4b806229a855ac04afddc816ae79ea
PHP DateTimeZone Type Confusion Infoleak
Posted Feb 20, 2015
Authored by Taoguang Chen

PHP versions below 5.6.6, below 5.5.22, and below 5.4.38 suffer from a type confusion information leak in DateTimeZone.

tags | exploit, php
SHA-256 | 960a07af7fc962fbbbd63879673d29572b4d34a6892640c9968ebecc39750216
PHP DateTime Use-After-Free
Posted Feb 20, 2015
Authored by Taoguang Chen

PHP versions below 5.6.6, below 5.5.22, and below 5.4.38 suffer from a use-after-free vulnerability in DateTime.

tags | exploit, php
advisories | CVE-2015-0273
SHA-256 | a243dbfd64f8ccb636b6f3bfc76ae91d623d78d08de0e0aa1aeff9c533da6157
MyBB 1.8.2 unset_globals() Bypass / Remote Code Execution
Posted Nov 26, 2014
Authored by Taoguang Chen

MyBB versions 1.8.2 and below suffer from an unset_globals() function bypass and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, bypass
SHA-256 | a691b9b40b1b09c878c6dabf004797b5a74ac29c49123dfae6aadb61bdba3161
phpBB 3.1.1 deregister_globals() Bypass
Posted Nov 26, 2014
Authored by Taoguang Chen

phpBB versions 3.1.1 and below suffer from a deregister_globals() bypass vulnerability.

tags | exploit, bypass
SHA-256 | 05feb1c2143bc563aea79f035ee6a9f2a25fd7538e2a1eaf959167cbc2e80130
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close