20 matches found
CVE-2004-1063
PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was...
PHP 5.5.9 - 'zend_executor_globals' 'CGIMode FPM WriteProcMemFile' disable_functions Bypass / Load Dynamic Library
?php // EDB Note: Paper https://www.exploit-db.com/docs/english/38104-shoot-zendexecutorglobals-to-bypass-php-disablefunctions.pdf errorreporting0x66778899; settimelimit0x41424344; define'ZENDINIUSER', 10; define'ZENDINIPERDIR', 11; define'ZENDINISYSTEM', 12; / 00df9000-00e16000 rw-p 00000000 00:...
PHP 5.3.6 - Security Bypass
PHP 5.3.6 - Security Bypass source: https://www.securityfocus.com/bid/48259/info PHP is prone to a security-bypass vulnerability. Successful exploits will allow an attacker to create arbitrary files from the root directory, which may aid in further attacks. PHP 5.3.6 is vulnerable; other versions...
PHP 4.0.x, 5.0.0 disable_functions feature security bypass vulnerability
No description provided by source...
PHP <5.2.6 chdir() ftok() functions safe mode bypass vulnerability
No description provided by source...
PHP <5.3.4 safe mode bypass
No description provided by source...
php168 6.1 login.php safe mode bypass vulnerability
No description provided by source...
php 5.0.5 safe mode bypass
No description provided by source...
php 5.1.2 zend-hash.c safe mode bypass
No description provided by source...
PHP 5.2.4 htaccess file leads to safe_mode and open_basedir permission bypass
No description provided by source...
PHP 5.2.12/5.3.1 - 'symlink()' open_basedir Bypass
This is exploit from Security Audit Lab - SecurityReason labs. Author : Maksymilian Arciemowicz Script for legal use only. PHP 5.2.12 5.3.1 symlink openbasedir bypass More: SecurityReason '; ifempty$file exit; if!iswritable"." die"not writable directory"; $level=0; for$as=0;$as$fakedep;$as++...
PHP magic_quotes_gpc design error leads to security bypass
No description provided by source...
CVE-2009-3559
main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that...
CVE-2008-5624
PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting ...
PHP proc_open() safe_mode bypass
It's possible to execute any code from shared library via proc_open...
CVE-2007-3007
PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...
CVE-2007-3007
PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...
PHP 5.2.0 - EXTFilter FDF Post Filter Bypass
PHP 5.2.0 - EXTFilter FDF Post Filter Bypass alert/XSS/;"; $POST'var2' = " ' UNION SELECT "; $url = "http://127.0.0.1/info.php"; // You do not need to change anything below this $outfdf = fdfcreate; foreach $POST as $key = $value fdfsetvalue$outfdf, $key, $value, 0; fdfsave$outfdf, "outtest.fdf";...
phpBypass.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.1.6 / 4.4.4 Critical phpadmin bypass by inirestore Author: Maksymilian Arciemowicz cXIb8O3 Date: - - Written: 05.09.2006 - - Public: 09.09.2006 SecurityAlert Id: 42 CVE: CVE-2006-4625 SecurityRisk: High Affected Software: PHP 5.1.6 / 4.4.4 = x...
CVE-2005-4077
Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to...