Lucene search
K

412 matches found

exploitpack
exploitpack
added 2007/03/19 12:0 a.m.24 views

PHP 5.1.6 - Mb_Parse_Str Function Register_Globals Activation

PHP 5.1.6 - MbParseStr Function RegisterGlobals Activation source: https://www.securityfocus.com/bid/23016/info PHP is prone to a weakness that allows attackers to enable the 'registerglobals' directive because the application fails to handle a memory-limit exception. Enabling the PHP...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2007/03/19 12:0 a.m.30 views

PHP 5.1.6 - Mb_Parse_Str Function Register_Globals Activation

source: https://www.securityfocus.com/bid/23016/info PHP is prone to a weakness that allows attackers to enable the 'registerglobals' directive because the application fails to handle a memory-limit exception. Enabling the PHP 'registerglobals' directive may allow attackers to further exploit...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2007/03/17 12:0 a.m.73 views

MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability

Summary The sessionregenerateid function that is used to generate a new session identifier fails to clear an already freed pointer to the former session identifier before calling the session identifier generator. When this generator triggers an error this can result in a double free that is easil...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/03/02 12:0 a.m.42 views

MOPB-03-2007:PHP Variable Destructor Deep Recursion Stack Overflow

Summary The last vulnerability for today is similar to the second one. This time the bug is however a deep recursion bug in the Zend Engine variable destruction. User input is parsed in an iterative way which allows the creation of very deeply nested array structures from user input. However when...

0.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/02/18 12:0 a.m.40 views

SUSE-SA:2006:052: php4,php5

The remote host is missing the patch for the advisory SUSE-SA:2006:052 php4,php5. Various security problems have been fixed in the PHP script language engine and its modules, versions 4 and 5. The PHP4 updated packages were released on September 12, the PHP5 update packages were released on...

9.3CVSS6.5AI score0.06357EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2006/10/05 11:30 a.m.3 views

security flaw

Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memorylimit restriction...

2.6CVSS5.9AI score0.01719EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2006/09/21 10:53 a.m.5 views

security flaw

Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memorylimit restriction...

2.6CVSS5.9AI score0.01719EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2006/07/27 8:5 p.m.4 views

security flaw

The parsestr function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the registerglobals directive via inputs that cause a request to be terminated due to the memorylimit setting, which causes PHP to set an internal flag that...

5CVSS7.3AI score0.06299EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2005/12/19 5:29 p.m.4 views

security flaw

The parsestr function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the registerglobals directive via inputs that cause a request to be terminated due to the memorylimit setting, which causes PHP to set an internal flag that...

5CVSS6.8AI score0.06299EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2005/11/10 7:9 p.m.5 views

security flaw

The parsestr function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the registerglobals directive via inputs that cause a request to be terminated due to the memorylimit setting, which causes PHP to set an internal flag that...

5CVSS6.8AI score0.06299EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.46 views

php < 4.3.8

The remote host is running a version of PHP 4.3 which is older or equal to 4.3.7. PHP is a scripting language which acts as a module for Apache or as a standalone interpreter. There is a bug in the remote version of this software which may allow an attacker to execute arbitrary code on the remote...

6.8CVSS0.1AI score0.54856EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.36 views

php < 4.3.8

The remote host is running a version of PHP 4.3 which is older or equal to 4.3.7. There is a bug in the remote version of this software which may allow an attacker to execute arbitrary code on the remote host if the option memorylimit is set. Another bug in the function striptags may allow an...

5.1CVSS7.2AI score0.54856EPSS
Exploits1References4
securityvulns
securityvulns
added 2005/10/31 12:0 a.m.40 views

[Full-disclosure] Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str&#40;&#41;

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: PHP registerglobals Activation Vulnerability in parsestr Release Date: 2005/10/31 Last Modified: 2005/10/31 Author: Stefan Esser [email protected] Application: PHP4 =...

Exploits0
NVD
NVD
added 2004/12/31 5:0 a.m.20 views

CVE-2004-0491

The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit...

2.1CVSS6.1AI score0.0036EPSS
Exploits0References8
Cvelist
Cvelist
added 2004/12/15 5:0 a.m.23 views

CVE-2004-1191

Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages."...

7.3AI score0.0032EPSS
Exploits0References2
0day.today
0day.today
added 2004/11/27 12:0 a.m.19 views

PHP <= 4.3.7/ 5.0.0RC3 memory_limit Remote Exploit

Exploit for linux platform in category remote exploits ================================================== PHP = 4.3.7/ 5.0.0RC3 memorylimit Remote Exploit ================================================== / Remote exploit for the php memorylimit vulnerability found by Stefan Esser in php 4 = 4.3...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2004/11/27 12:0 a.m.46 views

PHP 4.3.7/5.0.0RC3 - &#039;memory_limit&#039; Remote Overflow

/ Remote exploit for the php memorylimit vulnerability found by Stefan Esser in php 4 include include include include include define IP "127.0.0.1" define PORT 80 int sock; struct sockaddrin s;...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.68 views

Debian DSA-531-1 : php4 - several vulnerabilities

Two vulnerabilities were discovered in php4 : - CAN-2004-0594 The memorylimit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when registerglobals is enabled, allows remote attackers to execute arbitrary code by triggering a memorylimit abort during...

6.8CVSS5.8AI score0.54856EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2004/08/30 12:0 a.m.47 views

GLSA-200407-13 : PHP: Multiple security vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200407-13 PHP: Multiple security vulnerabilities Several security vulnerabilities were found and fixed in version 4.3.8 of PHP. The striptags function, used to sanitize user input, could in certain cases allow tags containing \0...

6.8CVSS6.2AI score0.54856EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.28 views

Mandrake Linux Security Advisory : php (MDKSA-2004:068)

"Stefan Esser discovered a remotely exploitable vulnerability in PHP where a remote attacker could trigger a memorylimit request termination in places where an interruption is unsafe. This could be used to execute arbitrary code. As well, Stefan Esser also found a vulnerability in the handling of...

6.8CVSS5.8AI score0.54856EPSS
Exploits4References4
Rows per page
Query Builder