
184 matches found

UbuntuCve
added 2016/05/22 1:59 a.m., 55 views

CVE-2015-8879

The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain...

7.5 CVSS | 7.2 AI score | 0.03419 EPSS
Exploits 1 | References 2
Prion
added 2016/05/16 10:59 a.m., 39 views

Design/Logic Flaw

The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content...

7.5 CVSS | 8.2 AI score | 0.36992 EPSS
Exploits 3 | References 6 | Affected Software 1
UbuntuCve
added 2016/04/29 12:0 a.m., 45 views

CVE-2016-4342

ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive...

8.8 CVSS | 7.1 AI score | 0.05345 EPSS
Exploits 2 | References 2
Symfony
added 2016/01/18 12:0 a.m., 31 views

CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails

Affected Versions: Symfony 2.3.0 to 2.3.36, 2.6.0 to 2.6.12, 2.7.0 to 2.7.8 versions of the Security component are affected by this security issue when used with PHP 5.x without the paragonie/random_compat library listed in your Composer dependencies. Projects using PHP 7 are not affected. This iss...

7.5 CVSS | 7.4 AI score | 0.01907 EPSS
Exploits 0
seebug.org
added 2015/12/15 12:0 a.m., 354 views

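Joomla 1.5 - 3.4 Remote Command Execution Vulnerability

Use a prepared script to send packets to it (injecting a malicious User-Agent that is stored in the database Session Data), where the User-Agent is:...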

7.1 AI score
Exploits 0
RedhatCVE
added 2015/10/30 9:37 a.m., 26 views

CVE-2007-1381

The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet wit...

7.6 CVSS | 8.4 AI score | 0.09073 EPSS
Exploits 1 | References 2
RedhatCVE
added 2015/10/30 9:25 a.m., 21 views

CVE-2007-1884

Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit...

6.8 CVSS | 8.5 AI score | 0.03135 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2015/10/07 12:0 a.m., 47 views

PHP 5.4.x < 5.4.43 / 5.5.x < 5.5.27 / 5.6.x < 5.6.11 Multiple Vulnerabilities (BACKRONYM)

Binary data 8953.prm...

10 CVSS | 7.9 AI score | 0.06303 EPSS
Exploits 1 | References 9
OpenVAS
added 2015/06/17 12:0 a.m., 52 views

PHP < 5.4.40, 5.5.x < 5.5.24, 5.6.x < 5.6.8 Multiple Vulnerabilities - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

10 CVSS | 8.5 AI score | 0.38434 EPSS
Exploits 16 | References 14
Exploit DB
added 2014/11/03 12:0 a.m., 621 views

PHP < 5.6.2 - 'Shellshock' Safe Mode / disable_functions Bypass / Command Injection

Exploit Title: PHP 5.x Shellshock Exploit bypass disable_functions Google Dork: none Date: 10/31/2014 Exploit Author: Ryan King Starfall Vendor Homepage: http://php.net Software Link: http://php.net/get/php-5.6.2.tar.bz2/from/a/mirror Version: 5. tested on 5.6.2 Tested on: Debian 7 and CentOS 5 an...

10 CVSS | 9.2 AI score | 0.99999 EPSS
Exploits 130
seebug.org
added 2014/07/01 12:0 a.m., 22 views

PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability

No description provided by source. PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability Vendor: Prado Software Product web page: http://www.pradosoft.com Affected version: 3.2.0 r3169 Summary: PRADO is a component-based and event-driven programming framework for developing Web applications...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 69 views

PHP-Fusion 7.02.05 - Multiple Vulnerabilities

No description provided by source. waraxe-2013-SA097 - Multiple Vulnerabilities in PHP-Fusion 7.02.05 =============================================================================== Author: Janek Vind waraxe Date: 27. February 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-97.ht...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 15 views

Jupiter CMS 1.1.5 - Remote File Upload Exploit

No description provided by source. ? / Title: Jupiter CMS 1.1.5 File Upload Vulnerability Advisory ID: 12070214 Risk level: High Author: DarkFig [email protected] URL: http://www.acid-root.new.fr/advisories/12070214.txt / errorreportingEALL ^ ENOTICE; $url = ' http://localhost/jupiter/'; $xpl =...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 23 views

PHP 4/5 addslashes() NULL Byte Bypass

No description provided by source. source: http://www.securityfocus.com/bid/11981/info PHP4 and PHP5 are reported prone to multiple remotely exploitable vulnerabilities. These issues result from insufficient sanitization of user-supplied data. A remote attacker may carry out directory traversal...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 30 views

Subrion CMS 2.2.1 CSRF Add Admin Exploit

No description provided by source. !-- Title: Subrion CMS 2.2.1 CSRF Add Admin Exploit Vendor: Intelliants LLC Product web page: http://www.subrion.com Affected version: 2.2.1 Summary: Subrion is a free open source content management system. It's written in PHP 5 and utilizes MySQL database...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 22 views

Simple Machines Forum <= 1.1 rc2 (lngfile) Remote Exploit (windows)

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? printr' -------------------------------------------------------------------------------- Simple Machines Forum = 1.1 rc2 lngfile ZendHashDelKeyOrIndex/arbitrary local inclusion exploit Win boxes by rgod [email protected]...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 8906 views

PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution Exploit

No description provided by source. !/usr/bin/php ?php / Found this after getting my inet back and noticing this http://www.milw0rm.com/exploits/6085 . The only problem with the remote command execution there is that it actually requires register_globals = on. I saw the GLOBAL keyword, and actually...

9.3 CVSS | 0.1 AI score | 0.05165 EPSS
Exploits 7
seebug.org
added 2014/07/01 12:0 a.m., 11 views

Docebo <= 3.5.0.3 (lib.regset.php/non-blind) SQL Injection Exploit

No description provided by source. ?php printr' ----------------------------------------------------------------------------- Docebo Suite = 3.5.0.3 lib.regset.php/non-blind SQL injection exploit by rgod bug found by EgiX working with Mysql = 4.1 PHP 5.X needed by Docebo regardless of php.ini...

7.1 AI score
Exploits 0
exploitpack
added 2014/06/25 12:0 a.m., 11 views

Lunar CMS 3.3 - Remote Command Execution

Lunar CMS 3.3 - Remote Command Execution !/usr/bin/env python Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit Vendor: Lunar CMS Product web page: http://www.lunarcms.com Affected version: 3.3 Summary: Lunar CMS is a freely distributable open source content management system written...

0.3 AI score
Exploits 0
seebug.org
added 2014/04/18 12:0 a.m., 31 views

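Pimcore "Pimcore_Tool_Newsletter::getObjectByToken()" PHP Object Injection Vulnerability

Pimcore is a purely object-oriented system based on Zend Framework and written in PHP 5. The "Pimcore_Tool_Newsletter::getObjectByToken" method in Pimcore's /lib/Pimcore/Tool/Newsletter.php does not properly filter user-submitted input, allowing an attacker to submit a specially crafted serialized object to delete arbitrary files. 0 Pimcore 2.x Pimcore 2.2.0 has fixed this vulnerability; users are advised to download and use it: http://www.pimcore.org...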

7.1 AI score
Exploits 0