EUVD-2011-1657

Malicious code in bioql PyPI...

CVE-2011-1939

SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDOMySql in PHP before 5.3.6...

CVE-2011-1939

SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDOMySql in PHP before 5.3.6...

CVE-2011-1939

SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDOMySql in PHP before 5.3.6...

WebSVN 2.3.2 Unproper Metacharacters Escaping exec() Remote Command Injection

No description provided by source. WebSVN 2.3.2 Unproper Metacharacters Escaping exec Remote Commands Injection Vulnerability tested against: Microsoft Windows Server R2 SP2 PHP 5.3.6 VC9 with magicquotesgpc = off default Apache 2.2.17 VC9 Introduction: This is a very special vulnerabilty, given...

Securimage 3.5 URI-based Cross-Site Scripting Vulnerability

Summary Securimage is an open-source free PHP CAPTCHA script for generating complex images and CAPTCHA codes to protect forms from spam and abuse. Description Securimage suffers from a XSS issue in 'exampleform.php' that uses the 'REQUESTURI' variable. The vulnerability is present because there...

Securimage 3.5 Cross Site Scripting

Securimage 3.5 URI-based Cross-Site Scripting Vulnerability Vendor: Securimage PHP CAPTCHA Product web page: http://www.phpcaptcha.org Affected version: 3.5 Summary: Securimage is an open-source free PHP CAPTCHA script for generating complex images and CAPTCHA codes to protect forms from spam and...

Jeroen Van Lievenoogen SQL Injection

ÿþ Exploit Title : Jeroen Van Lievenoogen-SQL Injection Vulnerability Category : Webapps Dork : Yol Al! = Date : 19.03.2012 Vendor : http://www.directhit.be Demo :http://www.redandblue.eu/start.php?id=360 Author : By-ReiS Contact : [email protected] Greetz :www.Cyber-Warrior.org and all users...

PHP Calendar Extension “SdnToJulian()”远程整数溢出漏洞

BUGTRAQ ID: 46967 CVE ID: CVE-2011-1466 PHP是一种在电脑上运行的脚本语言，主要用途是在于处理动态网页，包含了命令行运行接口或者产生图形用户界面程序。 PHP 5.3.6之前版本的Calendar扩展中的SdnToJulian函数在实现上存在整数溢出漏洞，可使攻击者通过calfromjd函数的首个参数造成拒绝服务 0 PHP 5.3.x 厂商补丁： PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.php.net...

Design/Logic Flaw

The 1 ZipArchive::addGlob and 2 ZipArchive::addPattern functions in ext/zip/phpzip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service application crash via certain flags arguments, as demonstrated by a GLOBALTDIRFUNC and b GLOBAPPEND...

CVE-2011-1657

The 1 ZipArchive::addGlob and 2 ZipArchive::addPattern functions in ext/zip/phpzip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service application crash via certain flags arguments, as demonstrated by a GLOBALTDIRFUNC and b GLOBAPPEND...

CVE-2011-1657

The 1 ZipArchive::addGlob and 2 ZipArchive::addPattern functions in ext/zip/phpzip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service application crash via certain flags arguments, as demonstrated by a GLOBALTDIRFUNC and b GLOBAPPEND...

PHP 5.3.6 Buffer Overflow PoC (ROP) CVE-2011-1938

No description provided by source. ?php / Jonathan Salwan - @shellstorm http://shell-storm.org 2011-06-04 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938 Stack-based buffer overflow in the socketconnect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow...

PHP 5.3.6 - Local Buffer Overflow (ROP)

PHP 5.3.6 - Local Buffer Overflow ROP ?php / Jonathan Salwan - @jonathansalwan http://shell-storm.org 2011-06-04 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938 Stack-based buffer overflow in the socketconnect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow...

PHP 5.3.6 Buffer Overflow PoC (ROP) CVE-2011-1938

Exploit for multiple platform in category local exploits ?php / Jonathan Salwan - @shellstorm http://shell-storm.org 2011-06-04 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938 Stack-based buffer overflow in the socketconnect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6...

WebSVN 2.3.2 - Unproper Metacharacters Escaping exec() Remote Command Injection

WebSVN 2.3.2 - Unproper Metacharacters Escaping exec Remote Command Injection WebSVN 2.3.2 Unproper Metacharacters Escaping exec Remote Commands Injection Vulnerability tested against: Microsoft Windows Server R2 SP2 PHP 5.3.6 VC9 with magicquotesgpc = off default Apache 2.2.17 VC9 Introduction:...

Mandriva Linux Security Advisory : libzip (MDVSA-2011:099)

A vulnerability has been identified and fixed in libzip : The zipnamelocate function in zipnamelocate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FLUNCHANGED argument, which might allow context-dependent attackers to cause a denial of service application cras...

Fedora 13 : maniadrive-1.2-27.fc13 / php-5.3.6-1.fc13 / php-eaccelerator-0.9.6.1-6.fc13 (2011-3666)

Security Enhancements and Fixes in PHP 5.3.6 : - Fixed bug 54247 format-string vulnerability on Phar. CVE-2011-1153 - Fixed bug 54193 Integer overflow in shmopread. CVE-2011-1092 - Fixed bug 54055 buffer overrun with high values for precision ini setting. - Fixed bug 54002 crash on crafted tag in...

Fedora 14 : maniadrive-1.2-27.fc14 / php-5.3.6-1.fc14 / php-eaccelerator-0.9.6.1-6.fc14 (2011-3636)

Security Enhancements and Fixes in PHP 5.3.6 : - Fixed bug 54247 format-string vulnerability on Phar. CVE-2011-1153 - Fixed bug 54193 Integer overflow in shmopread. CVE-2011-1092 - Fixed bug 54055 buffer overrun with high values for precision ini setting. - Fixed bug 54002 crash on crafted tag in...

Fedora 15 : maniadrive-1.2-29.fc15 / php-5.3.6-1.fc15 / php-eaccelerator-0.9.6.1-6.fc15 (2011-3614)

Security Enhancements and Fixes in PHP 5.3.6 : - Enforce security in the fastcgi protocol parsing with fpm SAPI. - Fixed bug 54247 format-string vulnerability on Phar. CVE-2011-1153 - Fixed bug 54193 Integer overflow in shmopread. CVE-2011-1092 - Fixed bug 54055 buffer overrun with high values fo...