PHP 5.2.6 - sleep() Local Memory Exhaust

PHP 5.2.6 - sleep Local Memory Exhaust There is some kind of issue in PHP we can run out memory even on SAFEMODE script simply allocate maximum of memory and go to sleep for, let's say 9999999 seconds. sleep pass 'maxexecutiontime' setting. Ram eater sploit ? if ! $purl = @parseurl$url die'sorry,...

CVE-2006-4006

The dogameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the sendpkg function packets.c to use this data size when sending a reply, and allows remote attackers to read portions of server memory...

CVE-2006-2120

The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service crash via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read...

phpWebSite 0.10.1 Full SQL injection

TITLE: phpWebSite 0.10.1 Full SQL injection Severity: Medium or even critical SOFTWARE: phpWebSite 0.10.1 Full DESCRIPTION: phpWebSite 0.10.1 full is vulnable to a sql injection.Here is a example: http://localhost/phpweb/index.php?module=sqlinjection DB Error: syntax error SELECT showblock,...

The Includer CGI 1.0 - Remote Command Execution (2)

!/usr/bin/perl Target - The Includer CGI \n\n"; print " - Host name of taget.\n"; print " - If not in dir type / symbol.\n"; print " - command for execution.\n\n"; print " Examples:\n\n"; print " incl10.pl 127.0.0.1 /cgi-bin/ "ls -la"\n"; print " incl10.pl 127.0.0.1 / "uname -a"\n"; print "...

PT-2005-1982 · Mtftpd · Mtftpd

Name of the Vulnerable Software and Affected Versions: mtftpd version 0.0.3 Description: The issue is related to a format string vulnerability in the log do function in log.c. This vulnerability can be exploited when the statistics option is enabled, allowing remote attackers to execute arbitrary...

Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow (PoC)

source: https://www.securityfocus.com/bid/12977/info A buffer overflow is present in Jedi Academy that can be exploited remotely by client systems. The overflow is due to the use of the sprintf function in a text visualization procedure, GPrintf. The attacker can exploit this vulnerability to...

Linux Kernel 2.4.28/2.6.9 - vc_resize int Local Overflow

/ vcresize int overflow Copyright Georgi Guninski Cannot be used in vulnerability databases / include include include include include include include include include include int mainint ac, char av int fd; struct vtconsize vv; int cou=4242; fd=open"/dev/tty",ORDWR; if fd0 perror"open";return -42;...

wvtftpd buffer overflow

strcpy buffer overflow...

CVE-2002-0986

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...

Linux Kernel 2.2.252.4.242.6.2 - mremap() Validator

Linux Kernel 2.2.252.4.242.6.2 - mremap Validator / Proof-of-concept exploit code for domremap 2 EDB Note: This is NOT to be confused with CVE-2003-0985 // https://www.exploit-db.com/exploits/141/, which would be "domremap 1". EDB Note: This will just "test" the vulnerability. A exploit version c...

pMachine.txt

Informations : °°°°°°°°°°°°° Language : PHP Version : Free 2.2.1 Website : http://www.pmachine.com Problem : Include Security Hole PHP Code/Location : °°°°°°°°°°°°°°°°°°° This will work if registerglobals is ON OR OFF. /pm/lib.inc.php : ------------------------------------------------------------...

PHP Mail Function Header Spoofing

The remote host is running a version of PHP prior or equal to 4.2.2. The mail function does not properly sanitize user input. This allows users to forge email to make it look like it is coming from a different source other than the server. Users can exploit this even if SAFEMODE is enabled...

CVE-2002-1716

The Host function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability...

security flaw

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...

PHP 4 - 'PHPInfo()' Cross-Site Scripting

source: https://www.securityfocus.com/bid/7805/info Scripts that include the PHP phpinfo debugging function may be prone to cross-site scripting attacks. This could permit remote attackers to create a malicious link to a vulnerable PHP script that includes hostile client-side script code or HTML...

PHP 4.2.3 - Header Function Script Injection

source: https://www.securityfocus.com/bid/5669/info PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems. It has been reported that a vulnerability in the PHP header function exists. It may be possible for ...

Signed/unsigned conversion bug in OpenBSD select() call

By passing negative argument to select function it's possible to overwrite the fragment of kernel memory...

vBulletin allows arbitrary code execution

OVERVIEW ======== vBulletin http://www.vbulletin.com is a commonly used web forum system written in PHP. One of its key features is use of templates, which allow the board administrator to dynamically modify the look of the board. vBulletin templates are parsed with the eval function. This could ...

QPC Software QVT Term 4.3QVTNet 4.3 Suite FTP Server - Denial of Service

QPC Software QVT Term 4.3QVTNet 4.3 Suite FTP Server - Denial of Service source: https://www.securityfocus.com/bid/796/info The FTP server that ships with QPC's QVT line of products is vulnerable to a denial of service attack. The FTP server has an unchecked buffer in the logon function. If a...