85 matches found
Internet Bug Bounty: Buffer over-read in exif_read_data with TIFF IFD tag
https://bugs.php.net/bug.php?id=70385...
Internet Bug Bounty: Use After Free Vulnerability in session deserializer
https://bugs.php.net/bug.php?id=70219...
Internet Bug Bounty: Arbitrary code execution in str_ireplace function
https://bugs.php.net/bug.php?id=70140...
php: integer overflow in ftp_genlist() resulting in heap overflow (improved fix for CVE-2015-4022)
Integer overflow in the ftpgenlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because ...
WordPress WooCommerce Plugin <= 2.3.10 - XXE
This plugin has a PHP bug which allows to download critical files. Attacker can access to these files and compromise site. Solution Update the plugin...
Internet Bug Bounty: Null pointer dereference in phar_get_fp_offset()
https://bugs.php.net/bug.php?id=69720...
Internet Bug Bounty: Memory Corruption in phar_parse_tarfile when entry filename starts with null
https://bugs.php.net/bug.php?id=69453...
Weathermap 0.97c (editor.php, mapname param) - Local File Inclusion
Exploit for php platform in category web applications I. VULNERABILITY ------------------------- Local File Inclusion in Weathermap = 0.97C II. BACKGROUND ------------------------- Network Weathermap is a network visualisation tool, to take data you already have and show you an overview of your...
Interactive Web Design SQL Injection
Exploit Title: Interative Web Design SQL Injection Vulnerability Date: 27/01/2012 - 04.13 Author: 3spi0n Software Website: www.interativeweb.com.br Tested On: BackTrack 5 - Win7 Ultimate Platform: Php $ Vulnerable File: ler.php $ Demo Sites: www.jornaldacidade.net/thaisbezerra/ler.php?id=84450" S...
phpmyadmin -- multiple vulnerabilities
The phpMyAdmin development team reports: It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks. An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can...
Fedora 13 : maniadrive-1.2-26.fc13.1 / maniadrive-data-1.2-5.fc13 / php-5.3.5-1.fc13 / etc (2011-0321)
This release resolves a critical issue, reported as PHP bug 53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers. Note that Tenable Network Security has extracted the preceding description block directly from t...
Critical PHP Bug Security Notice and Patch
Earlier this week, a PHP Security Notice was made due to a critical bug in PHP that could cause PHP to fail should a value of 2.2250738585072011e-308 be set to a PHP value. More information can be found here: http://bugs.php.net/bug.php?id=53632...
minb 0.1.0 - Remote Code Execution
!/usr/bin/python minb Remote Code Execution Exploit AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr Site : http://minb.sf.net Download :...
CVE-2007-5307
Technical details about CVE-2007-5307 are not publicly available in the provided connected documents. Please monitor for updates on affected software, impact and remediation.
PHP 5.2.3 glob() Remote DoS Exploit
?php //PHP 5.2.3 glob Remote DoS Exploit //author: shinnai //mail: shinnaiatautisticidotorg //site: http://shinnai.altervista.org //Tested on xp sp2, worked both from the cli EIP overwrite and on apache Denial of Service //Bug discovered with "Footzo" thanks to rgod. //To download Footzo:...
PHP168 CMS, a new vulnerability analysis-vulnerability warning-the black bar safety net
admin/global. php for background Management User name and password without any filter yielded this vulnerability if $POSTloginname && $POSTloginpwd if $webdbyzImgAdminLogin if! getcookie"yzImgNum"||getcookie"yzImgNum"!=$ yzimg die"A HREF=?& gt;verification code does not meet the/A"; else...
CVE-2007-0233
wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tbid parameter. NOTE: it could b...
CVE-2007-0233
wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tbid parameter. NOTE: it could b...
EUVD-2007-0235
wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tbid parameter. NOTE: it could b...
CVE-2006-6289
Woltlab Burning Board wBB Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbbuserid parameter to the top-level URI...