67 matches found
php523-overflow.txt
?php //PHP 5.2.3 tidyparsestring & tidyrepairstring local //buffer overflow poc win //rgod //site: retrogod.altervista.org //quickly tested on xp sp2, worked both from the cli and on apache //let's have a look here: http://www.google.com/codesearch?hl=it&q=+tidyparsestring&sa=N if...
PHP 5.2.3 Tidy extension Local Buffer Overflow Exploit
Exploit for unknown platform in category local exploits ====================================================== PHP 5.2.3 Tidy extension Local Buffer Overflow Exploit ====================================================== ?php //PHP 5.2.3 tidyparsestring & tidyrepairstring local //buffer overflow...
PHP 5.2.3 'Tidy' Extension - Local Buffer Overflow
?php //PHP 5.2.3 tidyparsestring & tidyrepairstring local //buffer overflow poc win //rgod //site: retrogod.altervista.org //quickly tested on xp sp2, worked both from the cli and on apache //let's have a look here: http://www.google.com/codesearch?hl=it&q=+tidyparsestring&sa=N if...
PHP EXT/Session HTTP应答头注入漏洞
PHP是一款广泛使用的WEB开发脚本语言。 PHP的ext/session在置于会话COOKIE前没有URL编码会话ID,远程攻击者可以利用漏洞可以对会话COOKIE进行注入攻击。 当PHP' ext/session调用sessionstart,会在部分情况下发送新会话COOKIE,这些情况如下: - session id嵌入到PATHINFO - session id重生成 - session id通过sessionid设置 - sessionstart多次调用...
PHP 5.1.6 - Chunk_Split() Integer Overflow
PHP 5.1.6 - ChunkSplit Integer Overflow source: https://www.securityfocus.com/bid/24261/info PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrupt process memory...
PHP 5.1.6 - 'Chunk_Split()' Integer Overflow
source: https://www.securityfocus.com/bid/24261/info PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrupt process memory. Attackers may be able to execute arbitra...
Buffer overflow
Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument object id...