
654 matches found

Cvelist
added 2016/05/16 10:0 a.m., 29 views

CVE-2015-3411

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) t...

8 AI score, 0.03439 EPSS
Exploits: 1, References: 10

UbuntuCve
added 2016/05/06 12:0 a.m., 51 views

CVE-2016-4543

The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data...

9.8 CVSS, 7.2 AI score, 0.12179 EPSS
Exploits: 1, References: 3

exploitpack
added 2016/04/28 12:0 a.m., 35 views

PHP 7.0.5 - ZipArchive::getFrom* Integer Overflow

PHP 7.0.5 - ZipArchive::getFrom* Integer Overflow. Details: An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex and getFromName methods of ZipArchive, resulting in a heap overflow. php-7.0.5/ext/zip/php_zip.c: 2679 static void...

7.5 CVSS, 0.6 AI score, 0.57608 EPSS
Exploits: 5

Hacker One
added 2016/03/29 8:20 a.m., 22 views

Internet Bug Bounty: potential remote code execution with phar archive

https://bugs.php.net/bug.php?id=71860 I can manipulate EIP register. https://drive.google.com/file/d/0B7gu5bbuZn2ITk54ZGl5SzVWNlk/view more PoC and full crash list around 300 will send later. tnx...

6.9 AI score
Exploits: 0

seebug.org
added 2016/03/29 12:0 a.m., 44 views

phpshe v1.1 do.php SQL injection (allows bypassing the admin backend login)

No description provided by source...

7.1 AI score
Exploits: 0

Oracle linux
added 2016/02/04 12:0 a.m., 95 views

php54-php security update

5.4.40-3
- fix more functions accept paths with NUL character 1213407

5.4.40-2
- core: fix multipart/form-data request can use excessive amount of CPU usage CVE-2015-4024
- fix various functions accept paths with NUL character CVE-2015-4025, CVE-2015-4026
- ftp: fix integer overflow leading to he...

7.5 CVSS, 0.9 AI score, 0.50129 EPSS
Exploits: 6

Hacker One
added 2016/02/03 6:18 a.m., 19 views

Internet Bug Bounty: Type Confusion in WDDX Packet Deserialization

https://bugs.php.net/bug.php?id=71335...

6.9 AI score
Exploits: 0

UbuntuCve
added 2016/01/19 5:59 a.m., 29 views

CVE-2016-1904

Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow...

7.5 CVSS, 7.2 AI score, 0.02733 EPSS
Exploits: 1, References: 1

CVE
added 2016/01/19 2:0 a.m., 243 views

CVE-2016-1903

CVE-2016-1903 affects PHP’s gdImageRotateInterpolated in ext/gd/libgd/gd_interpolation.c. Affected are PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2. A large bgd_color argument to imagerotate allows remote attackers to perform an out-of-bounds read, potentially disclosing memory co...

9.1 CVSS, 6.7 AI score, 0.07806 EPSS
Exploits: 1, References: 13, Affected Software: 1

Kitploit
added 2016/01/03 10:44 p.m., 16 views

Phpsploit - Stealth Post-Exploitation Framework

PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web server for privilege escalation purposes. Overview The obfuscated...

8.2 AI score
Exploits: 0, References: 1

RedhatCVE
added 2015/10/30 10:25 a.m., 24 views

CVE-2004-1063

PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was...

10 CVSS, 7 AI score, 0.04181 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2015/10/30 10:24 a.m., 18 views

CVE-2007-3806

The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initializati...

6.8 CVSS, 8.1 AI score, 0.10744 EPSS
Exploits: 1, References: 3

RedhatCVE
added 2015/10/30 10:20 a.m., 27 views

CVE-2003-0861

Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors...

10 CVSS, 7.4 AI score, 0.01422 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2015/10/30 10:5 a.m., 18 views

CVE-2007-4663

Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function...

7.5 CVSS, 6.8 AI score, 0.02141 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2015/10/30 9:59 a.m., 29 views

CVE-2007-1383

Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286...

10 CVSS, 8 AI score, 0.40435 EPSS
Exploits: 8, References: 3

RedhatCVE
added 2015/10/30 9:48 a.m., 25 views

CVE-2007-1460

The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safe_mode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories...

5 CVSS, 7.3 AI score, 0.01922 EPSS
Exploits: 1, References: 2

RedhatCVE
added 2015/10/30 9:28 a.m., 19 views

CVE-2007-3007

PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...

5 CVSS, 7.3 AI score, 0.02695 EPSS
Exploits: 0, References: 2

UbuntuCve
added 2015/10/12 12:0 a.m., 30 views

CVE-2015-7803

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that do...

6.8 CVSS, 7.2 AI score, 0.10288 EPSS
Exploits: 0, References: 2

OSV
added 2015/09/17 7:51 a.m., 21 views

SUSE-SU-2015:1633-1 Security update for php5

This update of PHP5 brings several security fixes. Security fixes: CVE-2015-6831: A use after free vulnerability in unserialize has been fixed which could be used to crash php or potentially execute code. bnc942291 bnc942294 bnc942295 CVE-2015-6832: A dangling pointer in the unserialization of...

9.8 CVSS, 7.8 AI score, 0.46801 EPSS
Exploits: 7, References: 20

Exploit DB
added 2015/09/10 12:0 a.m., 135 views

PHP 5.5.9 - 'zend_executor_globals' 'CGIMode FPM WriteProcMemFile' disable_functions Bypass / Load Dynamic Library

?php // EDB Note: Paper https://www.exploit-db.com/docs/english/38104-shoot-zendexecutorglobals-to-bypass-php-disablefunctions.pdf errorreporting0x66778899; settimelimit0x41424344; define'ZENDINIUSER', 10; define'ZENDINIPERDIR', 11; define'ZENDINISYSTEM', 12; / 00df9000-00e16000 rw-p 00000000 00:...

7.4 AI score
Exploits: 0