Internet Bug Bounty: Use after free with assign by ref to overloaded objects

Reported: 2015-07-15 16:30 UTC Fixed: 2015-07-21 14:20 UTC Bug Report: https://bugs.php.net/bug.php?id=70083 Fixed in PHP 5.6: http://git.php.net/?p=php-src.git;a=commitdiff;h=f57cb13c566613eec0e1c2f6d96d18565436a9b7 Fixed in 7:...

CVE-2006-2563

The cURL library libcurl in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters...

PHP error_log()安全模式限制绕过漏洞

BUGTRAQ ID: 18645 CVECAN ID: CVE-2006-3011 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP的errorlog函数中存在安全模式限制绕过漏洞： PHP5: - -2013-2050--- PHPAPI int phperrorlogint opterr, char message, char opt, char headers TSRMLSDC phpstream stream = NULL; switch opterr case 1: /send an email / if HAVESENDMAIL if...

Fedora Core 5 : php-5.1.4-1 (2006-289)

This update includes the latest release of PHP 5, version 5.1.4. This release includes fixes for several security issues and many bug fixes. The phpinfo PHP function did not properly sanitize long strings. An attacker could use this to perform cross-site scripting attacks against sites that have...

PHP 4.4.35.1.4 - sscanf Local Buffer Overflow

PHP 4.4.35.1.4 - sscanf Local Buffer Overflow ? / hoagiephpsscanf.php PHP = 4.4.3 / 5.1.4 local buffer overflow exploit howto get offsets: set $baseaddr to 0x41414141 ulimit -c 20000 /etc/init.d/apache restart execute script via web browser tail /var/log/apache/error.log ... Wed Aug 16 15:07:10...

CVE-2006-4020

scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read...

php local buffer underflow could lead to arbitary code execution

Affected versions: php 5.1.4 and older, 4.4.3 and possibly older Cause: when php-s sscanf functions format argument contains argument swap and extra arguments are given like. sscanf'foo ','$1s',$bar then it reads an pointer to pointer to zval structure past the end of argument array by one. Php...

CVE-2006-2660

Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the...

CVE-2006-2563

The cURL library libcurl in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters...