Lucene search

32 matches found

NVD
added 2009/07/27 2:30 p.m. | 11 views

CVE-2008-6878

Directory traversal vulnerability in admin/includes/languages/english.php in Zen Cart 1.3.8a, 1.3.8, and earlier, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _SESSION[language] parameter. NOTE: the vendor disputes this...

CVSS 6.8 | AI score 7.1 | EPSS 0.0234
Exploits: 1 | References: 6

Prion
added 2009/06/25 11:14 p.m. | 10 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2) home parameter to (d) ihead.php or (e) inav.php, or (f)...

CVSS 4.3 | AI score 6.1 | EPSS 0.01216
Exploits: 0 | References: 2 | Affected Software: 1

Packet Storm
added 2009/05/08 12:00 a.m. | 14 views

TinyWebGallery 1.7.6 Local File Inclusion

<?php /* TinyWebGallery = 1.7.6 LFI / Remote Code Execution Exploit | author: EgiX | mail: n0b0d13satgmaildotcom | link: http://www.tinywebgallery.com/ | details: this...

AI score 7.4
Exploits: 0

Prion
added 2009/02/11 8:30 p.m. | 12 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2.2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SCRIPT_PATH] parameter to includes/vars.inc.php and the (2) g_pcltar_lib_dir parameter to...

CVSS 6.8 | AI score 8.2 | EPSS 0.01861
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2009/02/11 8:00 p.m. | 26 views

CVE-2009-0530

Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2.2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SCRIPT_PATH] parameter to includes/vars.inc.php and the (2) g_pcltar_lib_dir parameter to...

AI score 7.6 | EPSS 0.01861
Exploits: 1 | References: 3

seebug.org
added 2007/03/28 12:00 a.m. | 31 views

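PHP Hash Table Overwrite Arbitrary Code Execution Vulnerability

PHP is a widely used web development scripting language. PHP has a flaw in its handling of unset on SESSION that a remote attacker can exploit to execute arbitrary commands with the privileges of the application. Because it does not account for its internal pointer in the session globals, the session extension does not set the reference count of the session variables correctly. As a result, unsetting SESSION and HTTPSESSIONVAR destroys the hash table that holds the session data, even though the session extension still keeps an internal pointer to it and continues to use it internally. A specially constructed string can take the place of the hash table, leading to arbitrary code execution. PHP PHP 5.1.6 PHP PHP 5.1.5 PHP PHP 5.1.4 PHP PHP 5.1.3 PHP PHP 5.1.3 PHP PHP 5.1.2 PHP PH...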

AI score 6.8
Exploits: 0

Packet Storm
added 2007/03/27 12:00 a.m. | 19 views

MOPB-sessiondeser.txt

<?php // Proof of concept code from the Hardened-PHP Project // (C) Copyright 2007 Stefan...

AI score 0.2
Exploits: 0

0day.today
added 2007/03/25 12:00 a.m. | 19 views

PHP < 4.4.5 / 5.2.1 _SESSION Deserialization Overwrite Exploit

Exploit for linux platform in category local exploits. PHP < 4.4.5 / 5.2.1 _SESSION Deserialization Overwrite Exploit <?php...

AI score 6.8
Exploits: 0

exploitpack
added 2007/03/25 12:00 a.m. | 14 views

PHP 4.4.5/5.2.1 - _SESSION unset() Local Overflow

PHP 4.4.5/5.2.1 - _SESSION unset() Local Overflow <?php // Proof of concept code from the...

AI score 0.6
Exploits: 0

Prion
added 2007/02/01 10:28 p.m. | 20 views

Session fixation

The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION...

CVSS 5 | AI score 7 | EPSS 0.02594
Exploits: 0 | References: 12 | Affected Software: 2

myhack58
added 2006/10/29 12:00 a.m. | 18 views

PHP5 GPC bypass flaw - vulnerability warning - the black bar safety net

Before discussing the specific flaw, let us first cover a little background on PHP security. magic_quotes_gpc is one of PHP's important security settings; when the option is ON, all data passed in from GET, POST, and COOKIE in the'," and,...

AI score 6.9
Exploits: 0

NVD
added 2006/02/10 11:02 a.m. | 24 views

CVE-2006-0636

desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using...

CVSS 7.5 | AI score 7.7 | EPSS 0.01806
Exploits: 0 | References: 8