EUVD-2007-4806

Malware in sbrugna...

CVE-2007-4662

Buffer overflow in the phpopensslmakeREQ function in PHP before 5.2.4 has unknown impact and attack vectors...

CVE-2007-4783

The iconvsubstr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause 1 a denial of service application crash via a long string in the charset parameter, probably also requiring a long string in the str parameter; or 2 a denial of service temporary application hang via a...

CVE-2007-4840

PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service application crash via 1 a long string in the outcharset parameter to the iconv function; or a long string in the charset parameter to the 2 iconvmimedecodeheaders, 3 iconvmimedecode, or 4 iconvstrlen function...

Lighttpd <= 1.4.16 FastCGI Header Overflow Remote Exploit

No description provided by source. / Remote Lighttpd + FastCGI + PHP example exploit Tested with Lighttpd 1.4.16 and PHP 5.2.4 To avoid abuse there's a remove me in the code. Example: ./exploit localhost 80 /etc/passwd or wget --referer=?php system'/usr/bin/id'; ? localhost ./exploit localhost 80...

b2ePms 1.0 - Multiple SQL Injection Vulnerabilities

Title: b2ePMS 1.0 multiple SQLi Vulnerabilities Version: 1.0 Author/Found by: loneferret Manifacturer/Software link: https://developer.berlios.de/projects/b2epms/ Other vulnerability: http://www.exploit-db.com/exploits/18882/ Date found: May 27th 2012 Tested on: Ubuntu Server 8.04 / PHP Version...

Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities

Document Title: =============== Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=427 Release Date: ============= 2012-02-09 Vulnerability Laboratory ID VL-ID: ==================================== 4...

Hugetech SQL Injection

|=----=----=----=----=----=--------=| | | | /\ /\ \ /\ /\ \ | | //\ /\ \ \L\ \ \ \ \ Turki$ hackers | | \ \ \ \ \ '\ \ \ | | \ \ \ \ \ \L\ \ \ \ \ \ | | \ \ \ / \ \ \ | | // // //// | | | | | |=----=----=----=----=----=--------=|...

PG eLMS Pro vDEC_2007_01 (contact_us.php) Multiple POST XSS

Exploit for php platform in category web applications PG eLMS Pro vDEC200701 contactus.php Multiple POST XSS Vulnerabilities body bgcolo...

php safe mode bypass all-vulnerability warning-the black bar safety net

Sources:vul. kr PHP safe mode bypass from 4. x to 5. x all. Functions: mbsendmail curlinit imapopen mail ioncubereadfile posixgetpwuid errorlog extensionloaded copy procopen A php code safe-mode-bypass.php for you: Some New Virus: PHP 5.2.4 ionCube extension safemode and disablefunctions...

Code injection

curl/interface.c in the cURL library aka libcurl in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safemode and openbasedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563...

CVE-2007-4850

curl/interface.c in the cURL library aka libcurl in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safemode and openbasedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563...

CVE-2007-4850

curl/interface.c in the cURL library aka libcurl in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safemode and openbasedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563...

CVE-2007-4850

curl/interface.c in the cURL library aka libcurl in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safemode and openbasedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563...

PHP 5.2.4及之前版本存在多个漏洞

PHP是一款流行的网络编程语言。 PHP存在多个安全问题，远程攻击者可以利用漏洞进行缓冲区溢出，拒绝服务，和安全绕过攻击。 -dl处理文件名存在问题，可导致跨站脚本攻击。 -dl处理MAXPATHLEN参数大小存在问题，可导致拒绝服务攻击。 -tmlentities/htmlspecialchars处理部分多字节序列存在问题。 -fnmatch, setlocale和glob函数的glibc实现存在缓冲区溢出。 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 12.0 Slackware Linux 11.0...

CVE-2007-5447

ioncubeloaderwin5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safemode and disablefunctions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncubereadfile function...

CVE-2007-5447

ioncubeloaderwin5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safemode and disablefunctions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncubereadfile function...

php524ioncube-bypass.txt

ionCube output:"; echo $MyBootioncube; ?...

PHP 5.2.4 ionCube - ioncube_read_file Safe Mode Disable Functions Bypass

PHP 5.2.4 ionCube - ioncubereadfile Safe Mode Disable Functions Bypass ionCube output:"; echo $MyBootioncube; ? milw0rm.com 2007-10-11...

CVE-2007-4889

The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safemode and openbasedir restrictions via the MySQL 1 LOADFILE, 2 INTO DUMPFILE, and 3 INTO OUTFILE functions, a different issue than CVE-2007-3997...