PHP <= 5.4.3 (com_event_sink) Denial of Service

No description provided by source. ?php / PHP = 5.4.3 comeventsink Code Execution Proof of Concept Found by condis Website: http://cond.psychodela.pl Tested on: PHP 5.3.8 + Windows XP SP3 Professional PL PHP 5.3.10 + Windows XP SP3 Professional PL PHP 5.4.0 + Windows XP SP3 Professional PL PHP...

PHP <= 5.4.3 wddx_serialize_* / stream_bucket_* Variant Object Null Ptr Derefernce

No description provided by source. ?php / PHP = 5.4.3 wddxserialize / streambucket Variant Object Null Ptr Derefernce Author : condis Date : 10.04.2012 AD Website : http://cond.psychodela.pl ---- Download : http://php.net/downloads.php Tested on: PHP 5.3.8 + Windows XP SP3 Professional PL PHP...

PHP version 5.4.3 code execution exploit for Win32

No description provided by source. // Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched Polish...

CVE-2012-2376

Buffer overflow in the comprinttypeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012...

Buffer overflow

Buffer overflow in the comprinttypeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012...

CVE-2012-2376

Buffer overflow in the comprinttypeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012...

PHP 5.4.3 - wddx_serialize_* stream_bucket_* Variant Object Null Ptr Dereference

PHP 5.4.3 - wddxserialize streambucket Variant Object Null Ptr Dereference 4.1.0 and PHP 5. For more details check : http://php.net/manual/en/class.variant.php PS2: After running this via webserver my Apache wasn't able to handle requests anymore and I had to restar...

PHP <= 5.4.3 wddx_serialize_* / stream_bucket_* Object Null Ptr Dereference

Exploit for php platform in category dos / poc 4.1.0 and PHP 5. For more details check : http://php.net/manual/en/class.variant.php PS2: After running this via webser...

PHP 5.4.3 - wddx_serialize_* / stream_bucket_* Variant Object Null Ptr Dereference

4.1.0 and PHP 5. For more details check : http://php.net/manual/en/class.variant.php PS2: After running this via webserver my Apache wasn't able to handle requests anymore and I had to restart him : kthxbye /...

PHP 5.4.3 - &#039;com_event_sink&#039; Denial of Service

?php / PHP = 5.4.3 comeventsink Code Execution Proof of Concept Found by condis Website: http://cond.psychodela.pl Tested on: PHP 5.3.8 + Windows XP SP3 Professional PL PHP 5.3.10 + Windows XP SP3 Professional PL PHP 5.4.0 + Windows XP SP3 Professional PL PHP 5.4.3 + Windows XP SP3 Professional P...

PHP 5.4.3 Null Pointer Dereference

4.1.0 and PHP 5. For more details check : http://php.net/manual/en/class.variant.php PS2: After running this via webserver my Apache wasn't able to handle requests anymore and I had to restart him :...

New P2P Zeus Variant Targets Popular Sites with Bogus Offers

Facebook, Gmail, Yahoo and Hotmail users should beware of rogue rebate offers and new secure payment options aimed at getting them to part with their debit card information. Earlier this week Amit Klein, CTO of Trusteer, announced the discovery of a peer-to-peer variant of the Zeus platform that...

PHP 5.4 Win32 Code Execution

// Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched Polish =================== offset-brute.html...

PHP 5.4 Win32 Code Execution

Exploit for php platform in category remote exploits // Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched Polis...

PHP 5.4.3 (Windows x86 Polish) - Code Execution

// Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched Polish =================== offset-brute.html...

Skype Vulnerability Exposing User IP Addresses

Skype Vulnerability Exposing User IP Addresses Skype is warning users following the launch of a site devoted to harvesting user IP addresses.The Skype IP-Finder site allowed third-parties to see a user's last known IP address by simply typing in a user name. A script has been uploaded to Github...

New Android Malware Variant Can Remotely Root Phone

A new version of Android malware has been tweaked so it doesn’t require user interaction for an attacker to own the device, according to research published by Lookout Mobile Security yesterday. An updated variant of the Legacy Native LeNa malware utilizes the GingerBreak exploit to gain root...

Kelihos Returns: Same Botnet or New Version?

The twice-shut-down Kelihos botnet remains active and continues spamming with a new variant, despite yesterday’s efforts by Kaspersky Lab and CrowdStrike that knocked offline and sinkholed the most recent version of the botnet. According to a Seculert report, the indomitable botnet is using a...

Stratfor Subscribers Experience Phishing Attempts

Cybercriminals continue targeting customers of Stratfor, the well-known, Texas-based security and policy think-tank hacked by Anonymous on Christmas, according to a TechNet report. Social engineers have been sending malicious and fraudulent emails to Strafor subscribers since their customer...

Debian DSA-2406-1 : icedove - several vulnerabilities

Several vulnerabilities have been discovered in Icedove, Debian's variant of the Mozilla Thunderbird code base. - CVE-2011-3670 Icedove does not not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls throu...