PHP 5.3.8 zend_strndup 拒绝服务漏洞

No description provided by source...

Null pointer dereference

The tidydiagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service NULL pointer dereference and application crash via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153...

RHEL 5 / 6 : php53 and php (RHSA-2012:0019)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0019 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP...

RedHat Update for php53 and php RHSA-2011:1423-01

Check for the Version of php53 and php OpenVAS Vulnerability Test RedHat Update for php53 and php RHSA-2011:1423-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

PHPCMS V9 sys_auth()multiple SQL injection vulnerabilities-vulnerability warning-the black bar safety net

by Flyh4t mail: phpsechotmail.com A description of Syria: the phpcms use sysauth function plus decryption of the cookie information,system more files directly from the cookie in the Get variables into the program flow. Due to the sysauth function in the design and use of the process in the presen...

PHP 5.3.x < 5.3.7 crypt() MD5 Incorrect Return Value

Binary data 6017.prm...

PHP 5.3.7之前版本空指针引用拒绝服务漏洞

Bugtraq ID: 49249 PHP是一款流行的编程语言。 php 5.3.6存在多个空指针应用错误，如果用户更改malloc大小，可导致空指针引用而使应用程序崩溃。 要演示这些缺陷，可使用OpenBSD中默认512MB的默认内存限制。我们可以分配类似510MB的大内存剩余2MB，如果某些字符串超过2MB如4MB，PHP尝试使用malloc/strlen等拷贝这个字符串，malloc就会返回空。之后程序会引发空指针引用或缓冲区溢出。 PHP 5.3.7 厂商解决方案 PHP 5.3.7已经修复此漏洞，建议用户下载使用： http://www.php.net/ 127 ulimit ...

PHPCMS V9 Cross-Station 2 and repair-vulnerability warning-the black bar safety net

Some place it with the filter, the Server environment registerglobals = On time directly toXSS and... Fishing fishing. Nothing. In order to rank before the issue. Well well to. Detail:/install/header. tpl. php? step=b&stepsb=cc/titlescriptalert1 1 1;/scriptyou fuck your own test to go. In order t...

CVE-2011-2202

The rfc1867posthandler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request...

PHP 5.3.6 - Security Bypass

PHP 5.3.6 - Security Bypass source: https://www.securityfocus.com/bid/48259/info PHP is prone to a security-bypass vulnerability. Successful exploits will allow an attacker to create arbitrary files from the root directory, which may aid in further attacks. PHP 5.3.6 is vulnerable; other versions...

99ko 0.4b Cross Site Request Forgery

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

PHP 4.0.x,5.0.0 disable_functions特征安全绕过漏洞

No description provided by source...

Kusaba X 0.9.1 Cross Site Request Forgery / Cross Site Scripting

KusabaX XSS and CSRF Vulnerabilites Product: KusabaX and various Futaba channels clone Vendor site: http://kusabax.cultnet.net/ Affected versions: KusabaX " ----------------------------------------------------- Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a...

PHP <5.2.11 ext-xml-xml.c文件xml_utf8_decode函数整数溢出漏洞

No description provided by source...

PHP <5.2.6 chdir() ftok()函数安全模式绕过漏洞

No description provided by source...

PHP <5.3.4 安全模式绕过

No description provided by source...

PHP <5.3.6 shmop_read() 函数整数溢出漏洞

No description provided by source...

PHP <5.3.6 整数溢出导致信息泄露

No description provided by source...

PHP <5.3.6 缓冲区溢出导致拒绝服务

No description provided by source...

PHP 5.3.x Zip Extension - stream_get_contents() Denial of Service

PHP 5.3.x Zip Extension - streamgetcontents Denial of Service source: https://www.securityfocus.com/bid/46969/info PHP is prone to a remote denial-of-service vulnerability that affects the 'Zip' extension. Successful attacks will cause the application to crash, creating a denial-of-service...