184 matches found
PHP 5.x < 5.2.8 magic_quotes_gpc Security Bypass
Gentoo Security Advisory GLSA 200603-22 (php)
The remote host is missing updates announced in advisory GLSA 200603-22.
Discuz! 6.0.1 - searchid SQL Injection
Discuz! 6.0.1 - searchid SQL Injection =5 & mysql=4.1 BY james +------------------------------------------------------------------+ "; if$argc4 $host=$argv1; $port=$argv2; $path=$argv3; $uid=$argv4; else echo "Usage: php ".$argv0." host port path uid\n"; echo "host: target server \n"; echo "port:...
php escapeshellcmd multibyte encoding vulnerability analysis and extension-a vulnerability warning-the black bar safety net
Vulnerability advisory at http://www.sektioneins.de/advisories/SE-2008-03.txt PHP 5 = 5.2.5 PHP 4 = 4.4.8 Systems that allow wide-byte character sets such as GBK, EUC-KR, SJIS, etc. may be affected. The impact is still very large, and domestic virtual hosts are likely all affected. In testing this...
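PHP 5 'chdir()' and 'ftok()' 'safe_mode' Security Bypass Vulnerability
BUGTRAQ ID: 29796 CVE ID: CVE-2008-2666 CNCVE ID: CNCVE-20082666 PHP 5 is an open-source web programming language. The PHP 5 'chdir' and 'ftok' functions have a 'safe_mode' bypass issue; a remote attacker can exploit the vulnerability to obtain sensitive information, such as whether files exist in unauthorized locations. The problem code is as follows: - --- PHPFUNCTIONchdir char str; int ret, strlen; if zendparseparametersZENDNUMARGS TSRMLSCC, "s", &str, &strlen == FAILURE RETURNFALS...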
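PHP 5 'posix_access()' Function 'safe_mode' Bypass Directory Traversal Vulnerability
BUGTRAQ ID: 29797 CVE ID: CVE-2008-2665 CNCVE ID: CNCVE-20082665 PHP 5 is an open-source web programming language. PHP 5 'posix_access' has a 'safe_mode' bypass issue; a remote attacker can exploit the vulnerability to access data outside the web root directory, leading to disclosure of sensitive information. The problem code is as follows: - --- PHPFUNCTIONposixaccess long mode = 0; int filenamelen, ret; char filename, path; if zendparseparametersZENDNUMARGS TSRMLSCC,...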
teldir-delete.txt
!/usr/bin/perl -w Telephone Directory 2008 see down Greetz : Houssamix & Djekmani & Jadi & iuoisn & hak3r-b0y All muslims HaCkeRs : Special Thnx To : Simo64 L3azzzzzz khouya ---------------------------------------------------------------------------- TITLE: PerlSploit Class REQUIREMENTS: PHP 4 /...
Telephone Directory 2008 Arbitrary Delete Contact Exploit
No description provided by source. !/usr/bin/perl -w Telephone Directory 2008 = Arbitrary Delete Contact Founded & Exploited by : Stack Contact: Ev!L = see down Greetz : Houssamix & Djekmani & Jadi & iuoisn & hak3r-b0y All muslims HaCkeRs : Special Thnx To : Simo64 L3azzzzzz khouya...
phpBookingCalendar 10 d - SQL Injection
phpBookingCalendar 10 d - SQL Injection Portal :PHP Booking Calendar 10 d sql/upload Exploit Modified 2008 Download : https://sourceforge.net/project/showfiles.php?groupid=132702 exploit aported password crypted Founded & Exploited by : Stack Contact: Ev!L = see down Greetz : Houssamix & Djekmani...
archangelweblog-sql.txt
!/usr/bin/perl -w Portal : Archangel Weblog 0.90.02 Download : http://www.archangelmgt.com/ArchangelWeblogv09002.zip exploit aported password crypted mgharba :d:d:d:d Founded & Exploited by : Stack-Terrorist v40 Contact: Ev!L = see down Greetz : Houssamix & Djekmani & Jadi & iuoisn & Str0ke & All...
CVE-2008-2108
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against...
Docebo <= 3.5.0.3 (lib.regset.php/non-blind) SQL Injection Exploit
No description provided by source. ?php printr' ----------------------------------------------------------------------------- Docebo Suite = 3.5.0.3 lib.regset.php/non-blind SQL injection exploit by rgod bug found by EgiX working with Mysql = 4.1 PHP 5.X needed by Docebo regardless of php.ini...
Directory traversal
Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page...
CVE-2008-0231
Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page...
Docebo <= 3.5.0.3 (lib.regset.php/non-blind) SQL Injection Exploit
Exploit for unknown platform in category web applications ================================================================== Docebo = 4.1 PHP 5.X needed by Docebo regardless of php.ini settings no benchmark quickly coded to perform credentials disclosure...
Docebo 3.5.0.3 - '/lib.regset.php/non-blind' SQL Injection
= 4.1 PHP 5.X needed by Docebo regardless of php.ini settings no benchmark quickly coded to perform credentials disclosure ----------------------------------------------------------------------------- '; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa....
CVE-2008-0231
Technical details about CVE-2008-0231 are not publicly provided in the supplied documents. Monitor for updates from official advisories.
PHP 5.x COM - Safe Mode Disable Functions Bypass
PHP 5.x COM - Safe Mode Disable Functions Bypass sounds good //The windows version of PHP has built in support for this extension. You do not need to //load any additional extension in order to use these functions. //You are responsible for installing support for the various COM objects that you...
Design/Logic Flaw
The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled...