Lucene search
K

100 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

PHP 5.2.9 cURL 'safe_mode' and 'open_basedir' Restriction-Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34475/info PHP is prone to a 'safemode' and 'openbasedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access files in unauthorized locations. This vulnerability would be an issue in...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2014/03/19 12:12 p.m.68 views

Exploits for Two-Year-Old PHP Security Vulnerability Found

Close to two years ago, a serious vulnerability in PHP was accidentally disclosed after it was discovered months prior during a hacking contest. A patch was released in relatively short order, and one would assume that given PHP’s prevalence as a web development framework, the fix would have been...

7.5CVSS10AI score0.99998EPSS
Exploits42References3
Tenable Nessus
Tenable Nessus
added 2013/07/16 12:0 a.m.16 views

PHP 5.4.x < 5.4.17 Buffer Overflow

Binary data 801405.prm...

7.3AI score
Exploits0References2
EUVD
EUVD
added 2013/07/13 10:0 a.m.3 views

EUVD-2013-4042

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted document that is processed by the xmlparseintostruct function...

6.8CVSS10AI score0.05186EPSS
Exploits0References30
seebug.org
seebug.org
added 2013/03/12 12:0 a.m.10 views

phpcms 2008 /yp/job.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2012/05/23 12:0 a.m.16 views

PHP 5.4.3 多个空指针引用拒绝服务漏洞

BUGTRAQ ID: 53643 PHP是一种HTML内嵌式的语言,PHP与微软的ASP颇有几分相似,都是一种在服务器端执行的嵌入HTML文档的脚本语言,语言的风格有类似于C语言,现在被很多的网站编程人员广泛的运用。 PHP 5.4.3之前版本在实现时存在空指针引用导致的多个拒绝服务漏洞,攻击者可利用这些漏洞造成应用崩溃。 0 PHP 5.4.3 厂商补丁: PHP --- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.php.net ?php / PHP = 5.4.3 wddxserialize /...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2012/02/13 12:0 a.m.68 views

PHP 'magic_quotes_gpc'安全绕过漏洞(CVE-2012-0831)

Bugtraq ID: 51954 CVE ID:CVE-2012-0831 Php存在一个安全漏洞允许远程禁用magicquotesgpc,这允许远程攻击者绕过防止SQL注入的限制 0 PHP 5.3.8 PHP 5.3.7 PHP 5.3.6 PHP 5.3.2 PHP 5.2.4 PHP 5.3.5 PHP 5.3.4 PHP 5.3.3 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: https://bugs.php.net/bug.php?id=61043...

6.8CVSS9.5AI score0.06709EPSS
Exploits2
Prion
Prion
added 2012/01/18 8:55 p.m.33 views

Null pointer dereference

The tidydiagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service NULL pointer dereference and application crash via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153...

5CVSS6.8AI score0.122EPSS
Exploits11References6Affected Software1
seebug.org
seebug.org
added 2011/08/22 12:0 a.m.23 views

PHP 5.3.7之前版本空指针引用拒绝服务漏洞

Bugtraq ID: 49249 PHP是一款流行的编程语言。 php 5.3.6存在多个空指针应用错误,如果用户更改malloc大小,可导致空指针引用而使应用程序崩溃。 要演示这些缺陷,可使用OpenBSD中默认512MB的默认内存限制。我们可以分配类似510MB的大内存剩余2MB,如果某些字符串超过2MB如4MB,PHP尝试使用malloc/strlen等拷贝这个字符串,malloc就会返回空。之后程序会引发空指针引用或缓冲区溢出。 PHP 5.3.7 厂商解决方案 PHP 5.3.7已经修复此漏洞,建议用户下载使用: http://www.php.net/ 127 ulimit ...

6.9AI score
Exploits0
NVD
NVD
added 2011/06/16 11:55 p.m.22 views

CVE-2011-2202

The rfc1867posthandler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request...

6.4CVSS7.4AI score0.19235EPSS
Exploits1References21
seebug.org
seebug.org
added 2011/04/22 12:0 a.m.12 views

PHP <5.3.6 shmop_read() 函数整数溢出漏洞

No description provided by source...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2011/01/03 12:0 a.m.21 views

PHP 5.3.2 - zend_strtod() Floating-Point Value Denial of Service

PHP 5.3.2 - zendstrtod Floating-Point Value Denial of Service source: https://www.securityfocus.com/bid/45668/info PHP is prone to a remote denial-of-service vulnerability. Successful attacks will cause applications written in PHP to hang, creating a denial-of-service condition. PHP 5.3.3 is...

7.3AI score
Exploits0
seebug.org
seebug.org
added 2009/12/28 12:0 a.m.17 views

php168 6.0 style.php 信息泄漏漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/12/24 12:0 a.m.11 views

php 5.1.2 file.c 权限提升漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/12/14 12:0 a.m.20 views

PHP rfc822_write_address 拒绝服务漏洞

No description provided by source...

7.1AI score
Exploits0
NVD
NVD
added 2009/11/23 5:30 p.m.22 views

CVE-2009-3559

main/streams/plainwrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safemodeincludedir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that...

7.5CVSS6.4AI score0.02696EPSS
Exploits0References10
0day.today
0day.today
added 2009/11/06 12:0 a.m.21 views

PHP 5.3.0 pdflib file disclosure

Exploit for unknown platform in category web applications ================================ PHP 5.3.0 pdflib file disclosure ================================ Description: ------------ Via this bug , attacker can save a file in path that not allowed in openbasedir . Reproduce code: --------------- ...

7.1AI score
Exploits0
NVD
NVD
added 2009/09/22 10:30 a.m.19 views

CVE-2009-3292

Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."...

7.5CVSS6.1AI score0.02775EPSS
Exploits1References23
UbuntuCve
UbuntuCve
added 2009/08/25 12:0 a.m.25 views

CVE-2008-7068

The dbareplace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service file truncation via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have...

6.4CVSS5.9AI score0.01591EPSS
Exploits1References2
Cvelist
Cvelist
added 2007/11/20 7:0 p.m.24 views

CVE-2007-5899

The outputaddrewritevar function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...

8.2AI score0.03393EPSS
Exploits0References30
Rows per page
Query Builder