Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_stream_flush() function. PHP versions 5.3 through 5.3.2 are affected.
Month Of PHP Security - PHP uses the stream context during stream destruction, although it was already freed in the request shutdown before. PHP versions 5.2 through 5.2.13 and 5.3 through 5.3.2 are affected.
Month Of PHP Security - PHP's fnmatch() function can be used to crash PHP through a stack exhaustion attack. PHP versions 5.2 through 5.2.13 and 5.3 through 5.3.2 are affected.
This Metasploit module exploits a stack buffer overflow in the ANSMTP.dll/AOSMTP.dll ActiveX Control provided by CommuniCrypt Mail 1.16. By sending a overly long string to the "AddAttachments()" method, an attacker may be able to execute arbitrary code.