38 matches found
PHP <= 4.3.7/ 5.0.0RC3 memory_limit Remote Exploit
No description provided by source. / Remote exploit for the php memorylimit vulnerability found by Stefan Esser in php 4 = 4.3.7 and php 5 = 5.0.0RC3. by Gyan Chawdhary [email protected] felinemenace.org/gyan Greets S.Esser for the vuln and mlxdebug.tgz, everything in the code is based on it...
Slackware Advisory SSA:2004-202-01 PHP
The remote host is missing an update as announced via advisory SSA:2004-202-01. OpenVAS Vulnerability Test $Id: esoftslkssa200420201.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...
PHP 5.4/5.3 deprecated Function eregi() memory_limit bypass vulnerability-vulnerability warning-the black bar safety net
PHP is an HTML embedded language, PHP and Microsoft ASP quite a bit similar, is a server-side implementation of the embedded HTML document the script language, the language style is similar to the C language, is now a lot of web site programmers widely use. PHP 5.3 after version deprecated based ...
PHP 5.4/5.3 deprecated eregi() memory_limit bypass
PHP 5.4/5.3 deprecated eregi memorylimit bypass Author: Maksymilian Arciemowicz Website: http://cxsecurity.com/ Date: 30.03.2012 Original link: http://cxsecurity.com/issue/WLB-2012030272 PoC's: memorylimit poc http://cxsecurity.com/issue/WLB-2012030271 openbasedir poc...
PHP 5.4/5.3弃用函数eregi() memory_limit绕过漏洞
PHP 是一种HTML内嵌式的语言,PHP与微软的ASP颇有几分相似,都是一种在服务器端执行的嵌入HTML文档的脚本语言,语言的风格有类似于C语言,现在被很多的网站编程人员广泛的运用。 PHP 5.3之后版本弃用了基于POSIX正则表达式的函数,在5.4.0版本中,仍然使用这些函数,导致了绕过memorylimit,通过eregi耗尽内存。 0 PHP 5.4.0 厂商补丁: PHP --- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.php.net PoC: 127 cat sym.php ?php...
Libc - 'regcomp()' Stack Exhaustion Denial of Service
? / PHP 5.4 5.3 memorylimit bypass exploit poc by Maksymilian Arciemowicz http://cxsecurity.com/ cxib a.T cxsecurity d0t com To show memorylimit in PHP php /www/memlimpoc.php 1 35000000 PHP Fatal error: Allowed memory size of 33554432 bytes exhausted tried to allocate 35000001 bytes in...
php -- memory_limit related vulnerability
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
php security and bug fix update
4.3.9-3.22.12 - set higher memorylimit in /usr/bin/pear 263501 4.3.9-3.22.11 - update to PEAR 1.4.9, matching RHEL-5 263501 bundle XMLRPC-1.5.0, ConsoleGetopt-1.2, ArchiveTar-1.3.1 fix paths in default pear.conf, installed PEAR registry replace /usr/bin/pear et al with simpler wrapper scripts...
PHP <= 4.3.7/ 5.0.0RC3 memory_limit Remote Exploit
No description provided by source. / Remote exploit for the php memorylimit vulnerability found by Stefan Esser in php 4 = 4.3.7 and php 5 = 5.0.0RC3. by Gyan Chawdhary [email protected] felinemenace.org/gyan Greets...
Debian Security Advisory DSA 531-1 (php4)
The remote host is missing an update to php4 announced via advisory DSA 531-1. OpenVAS Vulnerability Test $Id: deb5311.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 531-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 2102)
the CURL module lacked checks for control characters CVE-2006-2563 - strrepeat contained an integer overflow - ext/wddx contained a buffer overflow - memorylimit lacked checks for integer overflows - a bug in sscanf could potentially be exploited to execute arbitrary code. CVE-2006-4020 - an...
Design/Logic Flaw
The zendalterinientry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memorylimit violation, which has unknown impact and attack vectors...
CVE-2007-4659
The zendalterinientry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memorylimit violation, which has unknown impact and attack vectors...
CVE-2007-4659
CVE-2007-4659 affects PHP prior to 5.2.4. The zend_alter_ini_entry function does not properly handle an execution interruption triggered by a memory_limit violation, with the impact and vectors not clearly detailed in the provided description. Remediation per the referenced changelog is upgrading...
security flaw
The mbparsestr function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal registerglobals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with registerglobals functionality that is not...
MOPB-26-2007:PHP mb_parse_str() register_globals Activation Vulnerability
Summary When the mbparsestr function, which is the multibyte variant of the parsestr function, is called with only one parameter and is interrupted by for example a memorylimit violation the registerglobals directive will get internally activated during the process and not deactivated. Therefore...
Code injection
The mbparsestr function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal registerglobals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with registerglobals functionality that is not...
CVE-2007-1583
The mbparsestr function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal registerglobals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with registerglobals functionality that is not...
CVE-2007-1583
The mbparsestr function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal registerglobals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with registerglobals functionality that is not...
CVE-2007-1583
The mbparsestr function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal registerglobals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with registerglobals functionality that is not...