Lucene search

710 matches found

seebug.org
added 2014/02/24 12:0 a.m. · 559 views

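phpBB remote denial-of-service vulnerability

Bugtraq ID: 65481 phpBB is open-source web forum software written in PHP and developed by the phpBB Group. It supports multiple languages, multiple databases and custom layout design. phpBB contains a remote denial-of-service vulnerability. An attacker can exploit it to crash the affected application, denying service to legitimate users. 0 phpBB phpBB 3.0.8 phpBB phpBB 3.0.7 phpBB phpBB 3.0.6 phpBB phpBB 3.0.5 phpBB phpBB 3.0.4 phpBB phpBB 3.0.3 phpBB phpBB 3.0.2 phpBB phpBB 3.0.1 phpBB phpBB 3.0...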

7 AI score
Exploits 0

OpenVAS
added 2013/12/23 12:0 a.m. · 44 views

Fedora Update for php FEDORA-2013-23215

Check for the Version of php. OpenVAS Vulnerability Test. Fedora Update for php FEDORA-2013-23215. Authors: System Generated Check. Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

7.5 CVSS · 7.3 AI score · 0.40224 EPSS
Exploits 12 · References 2

RedHat Linux
added 2013/12/11 2:24 a.m. · 3 views

PHP: sapi_header_op() %0D sequence handling security bypass

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betwe...

4.3 CVSS · 5.9 AI score · 0.07905 EPSS
Exploits 0 · References 4

Japan Vulnerability Notes
added 2012/12/17 3:23 a.m. · 2 views

WikkaWiki vulnerable to cross-site scripting

Overview WikkaWiki contains a cross-site scripting vulnerability. WikkaWiki is an open source wiki written in PHP. WikkaWiki contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

4.3 CVSS · 6 AI score
Exploits 0 · References 3

Japan Vulnerability Notes
added 2012/10/10 5:45 a.m. · 4 views

Smarty vulnerable to cross-site scripting

Overview Smarty contains a cross-site scripting vulnerability. Smarty is a template engine for PHP. Smarty contains a cross-site scripting vulnerability when displaying an error message. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

4.3 CVSS · 6 AI score · 0.0057 EPSS
Exploits 0 · References 6

OpenVAS
added 2012/08/30 12:0 a.m. · 55 views

Fedora Update for php FEDORA-2012-10936

Check for the Version of php. OpenVAS Vulnerability Test. Fedora Update for php FEDORA-2012-10936. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

10 CVSS · 0.94363 EPSS
Exploits 49 · References 2

0day.today
added 2012/06/26 12:0 a.m. · 41 views

Root Exploit Western Digital's WD TV Live SMP/Hub

Exploit for hardware platform in category remote exploits. Introduction: The WD TV Live Streaming Media Player is a consumer device to play various audio and video formats. Additionally it allows access to multiple video streaming services like Netflix, Hulu or Youtube. [1] The device...

7.1 AI score
Exploits 0

RedHat Linux
added 2012/06/25 5:56 p.m. · 1 views

crypt(): DES encrypted password weakness

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an...

4.3 CVSS · 7.3 AI score · 0.02995 EPSS
Exploits 0 · References 4

VulnCheck KEV
added 2012/05/09 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2012-2311

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line...

7.5 CVSS · 7.7 AI score · 0.74532 EPSS
Exploits 40 · References 1

RedHat Linux
added 2012/05/07 6:23 p.m. · 4 views

php: command line arguments injection when run in CGI mode (VU#520827)

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

9.8 CVSS · 7.8 AI score · 0.94363 EPSS
Exploits 41 · References 5

RedHat Linux
added 2012/01/30 6:16 p.m. · 4 views

php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure

Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a...

6.4 CVSS · 7.6 AI score · 0.36438 EPSS
Exploits 3 · References 4

Exploit DB
added 2012/01/04 12:0 a.m. · 22 views

Posse Softball Director CMS - 'team.php' Blind SQL Injection

Posse Softball Director CMS Blind SQL Injection Vulnerability team.php + Author: easy laster + Vulnerabilities Blind SQL Injection + Page:...

7.4 AI score
Exploits 0

ATTACKERKB
added 2011/08/25 2:22 p.m. · 3 views

CVE-2011-1657

The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND...

5 CVSS · 5.5 AI score · 0.1067 EPSS
Exploits 1 · References 16

Positive Technologies
added 2011/03/19 12:0 a.m. · 5 views

PT-2011-3156 · Php +1

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.3.6. Description: The issue is related to an integer signedness error in the zip_stream.c file within the Zip extension. This error allows context-dependent attackers to cause a denial of service, specifically CPU...

7.5 CVSS · 8.6 AI score · 0.36532 EPSS
Exploits 24 · References 57

RedHat Linux
added 2011/02/03 6:55 p.m. · 4 views

php: XSS mitigation bypass via utf8_decode()

The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string...

6.8 CVSS · 6.6 AI score · 0.00619 EPSS
Exploits 1 · References 4

exploitpack
added 2010/09/30 12:0 a.m. · 25 views

Joomla! Component JE Directory 1.0 - SQL Injection

Joomla! Component JE Directory 1.0 - SQL Injection. Information: +Name : joomla JE Directory = SQL injection Vulnerability Exploit +Author : Easy Laster +Date : 30.09.2010 +Script : joomla JE Directory +Demo :...

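0.4 AI score
Exploits 0

seebug.org
added 2010/05/17 12:0 a.m. · 10 views

PHP <= 5.3.2 ext/phar/stream.c and ext/phar/dirstream.c multiple format string vulnerabilities

BUGTRAQ ID: 40173 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. The phar_stream_flush, phar_wrapper_unlink, phar_parse_url and phar_wrapper_open_url functions used internally in PHP's ext/phar/stream.c, and the phar_wrapper_open_dir function used internally in ext/phar/dirstream.c, contain format string vulnerabilities in their handling of error conditions. When an error occurs, the error variable is used as the format string in a call to...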

6.9 AI score
Exploits 0

Packet Storm
added 2010/03/31 12:0 a.m. · 25 views

React Software Local File Inclusion

React software local file inclusion - date: 29.03.2010 - author: SNK - language: php - page: http://react.nl - vuln: http://page/forum/listmessage/index.php?action=../../../../../../../../../../../../../etc/passwd%00 - dork: Powered by React - www.react.nl

Exploits 0

exploitpack
added 2010/02/19 12:0 a.m. · 14 views

PHPKit 1.6.1 - mailer.php SQL Injection

PHPKit 1.6.1 - mailer.php SQL Injection. Phpkit 1.6.1 SQL Injection member.php. Script: Phpkit 1.6.1 SQL Injection member.php Vulnerabilities SQL Injection Language: PHP Download: this script is for free Founder: ea$y laster...

0.3 AI score
Exploits 0

exploitpack
added 2010/02/17 12:0 a.m. · 25 views

Erotik Auktionshaus - news.php SQL Injection

Erotik Auktionshaus - news.php SQL Injection. Erotik Auktionshaus SQL Injection news.php. Script: Erotik Auktionshaus news.php Vulnerabilities SQL Injection Language: PHP Download: buy this script Founder: ea$y laster Peace to...

0.4 AI score
Exploits 0