408 matches found
PHP memory_limit environment variable leads to remote code execution
No description provided by source...
Joomla Component MisterEstate Blind SQL Injection Exploit
No description provided by source. <?php echo '<h2>Joomla Component MisterEstate Blind SQL Injection Exploit</h2>'; // http://www.misterestate.com/ ini_set("memory_limit", "512M"); ini_set("max_execution_time", 0); set_time_limit(0); if (!isset($_GET['url'])) die('Usage: '.$_SERVER['SCRIPT_NAME'].'?url=www.victim.com'...
function sleep() in all versions of PHP
There is a quite big problem with sleep function in php, The max_execution_time set to 60sec. in safe mode can be easy passed by using sleep function, for example this script: <?php sleep(9999999); echo 'Hello World'; ?> Will print hello world after 9999999 seconds... so max_execution_time simply doesn't wo...
Konqueror Remote Denial Of Service
Application: Konqueror = 3.5.6 Web Site: http://www.konqueror.org/ Platform: Unix Bug: Remote Denial of service ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Greets 5 Credits =========== 1 Introduction =========== "Konqueror is an Open Source we...
PHP <= 5.2.5 stream_wrapper_register() denial of service
Application: PHP <= 5.2.5 Web Site: http://php.net Platform: unix Bug: Denial of service function: stream_wrapper_register special condition: default php-memory-limit ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Greets 5 Credits =========== 1...
No title provided
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors...
PHP <=5.2.4 open_basedir bypass & code exec & denial of service
Application: PHP <=5.2.4 Web Site: http://php.net Platform: unix Bug: open_basedir bypass & code exec & denial of service/some people call this as a buffer overflow, but it's a denial of service./ special condition: default php-memory-limit ------------------------------------------------------- 1...
php524-basedir.txt
Application: PHP dll . / Bug: open_basedir bypass & code exec & denial of service/some people call this as a buffer overflow, but it's a denial of service./ special condition: default php-memory-limit ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept ...
PHP < 5.2.3 glob() denial of service
Application: PHP < 5.2.3 Web Site: http://php.net Platform: unix Bug: denial of service function: glob special condition: default php memory-limit value =========== 1 Introduction 2 Bug 3 Proof of concept 4 greets 5 Credits =========== 1 Introduction =========== "PHP is a widely-used general-purpose...
CVE-2007-4659
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors...
DSA-1331-1 php4 - several vulnerabilities
Bulletin has no description...
security flaw
The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not...
CVE-2007-1522
Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an...
CVE-2007-1521
Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation...
PHP 5.1.6 - Mb_Parse_Str Function Register_Globals Activation
source: https://www.securityfocus.com/bid/23016/info PHP is prone to a weakness that allows attackers to enable the 'register_globals' directive because the application fails to handle a memory-limit exception. Enabling the PHP 'register_globals' directive may allow attackers to further exploit...
PHP 5.1.6 - Mb_Parse_Str Function Register_Globals Activation
PHP 5.1.6 - Mb_Parse_Str Function Register_Globals Activation source: https://www.securityfocus.com/bid/23016/info PHP is prone to a weakness that allows attackers to enable the 'register_globals' directive because the application fails to handle a memory-limit exception. Enabling the PHP...
MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability
Summary The session_regenerate_id function that is used to generate a new session identifier fails to clear an already freed pointer to the former session identifier before calling the session identifier generator. When this generator triggers an error this can result in a double free that is easil...
MOPB-03-2007:PHP Variable Destructor Deep Recursion Stack Overflow
Summary The last vulnerability for today is similar to the second one. This time the bug is however a deep recursion bug in the Zend Engine variable destruction. User input is parsed in an iterative way which allows the creation of very deeply nested array structures from user input. However when...