
7 matches found

Prion
added 2016/04/12 3:59 p.m. | 19 views

Crlf injection

CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP...

CVSS 4.3 | AI score 7.4 | EPSS 0.00497
Exploits: 0 | References: 4 | Affected Software: 2
Hacker One
added 2016/03/15 12:11 a.m. | 21 views

Internet Bug Bounty: Use after free with assign by ref to overloaded objects

Reported: 2015-07-15 16:30 UTC Fixed: 2015-07-21 14:20 UTC Bug Report: https://bugs.php.net/bug.php?id=70083 Fixed in PHP 5.6: http://git.php.net/?p=php-src.git;a=commitdiff;h=f57cb13c566613eec0e1c2f6d96d18565436a9b7 Fixed in 7:...

AI score 7
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 24 views

PHP 4.x tempnam() Function open_basedir Restriction Bypass

No description provided by source. Source: http://www.securityfocus.com/bid/17439/info PHP is prone to multiple 'safe_mode' and 'open_basedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations...

AI score 7.1
Exploits: 0
Packet Storm
added 2010/05/25 12:0 a.m. | 37 views

HostFriendz.com SQL Injection

Copyright 2008 HostFriendz.com & SQL INJECTION Authors: Ivan Sanchez Product: Copyright 2008 HostFriendz Web: http://hostnomi.net...

AI score 7.4
Exploits: 0
seebug.org
added 2009/12/27 12:0 a.m. | 23 views

PHP 5.1.2 cross-site scripting vulnerability

No description provided by source...

AI score 7.1
Exploits: 0
CVE
added 2006/04/10 6:0 p.m. | 86 views

CVE-2006-0996

The CVE-2006-0996 issue is a cross-site scripting vulnerability in PHP’s phpinfo output that allows remote attackers to inject script/HTML via long array variables. Publicly disclosed in PHP 5.1.2 and 4.4.2, the flaw arises from inadequate sanitization of long strings, enabling XSS in pages that ...

CVSS 4.3 | AI score 5.5 | EPSS 0.18154
Exploits: 1 | References: 34 | Affected Software: 1
securityvulns
added 2006/04/10 12:0 a.m. | 7524 views

[Full-disclosure] phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2

Source: http://securityreason.com/achievementsecurityalert/34 phpinfo Cross Site Scripting PHP 5.1.2 and 4.4.2 Author: Maksymilian Arciemowicz cXIb8O3 Date: Written: 26.2.2006 Public: 8.4.2006 from SecurityReason.Com CVE-2006-0996 ...

CVSS 4.3 | EPSS 0.18154
Exploits: 1