654 matches found
CVE-2008-7002
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions,...
Fckeditor 2.4.2 php arbitrary Upload File vulnerability-vulnerability warning-the black bar safety net
1, bug fckeditor/editor/filemanager/upload/php/upload.php | <?php /* FCKeditor - The text editor for Internet - http://www.fckeditor.net Copyright (C) 2003-2007 Frederico Caldeira Knabben == BEGIN LICENSE == Licensed under the terms of any of the following licenses at your choice: - GNU General Publ...
Php Recommend <= 1.3 (AB/RFI/CI) Multiple Remote Vulnerabilities
No description provided by source. Php Recommend <=1.3 Authentication Bypass/Remote File Include/Code Injection Exploits Author: scriptjunkie scriptjunkie.1 nospam googlemail nospam com Condition: RFI: allow_url_fopen = On code injection: magic_quotes_gpc = Off Exploits: Authentication Bypass: change...
PHP 5.2.9 Bypass Exploit
<?php /* SecurityReason.com - Security Audit Stuff PHP 5.2.9 curl safe_mode & open_basedir bypass http://securityreason.com/achievementsecurityalert/61 exploit from "SecurityReason - Security Audit" lab. for legal use only http://securityreason.com/achievementexploitalert/11 author: Maksymilian...
PHP unauthorized access
mbstring.func_overload setting in .htaccess is applied to all websites...
BlindBlog 1.3.1 Multiple Vulnerabilities (SQL Inj - Auth Bypass - LFI)
Salvatore "drosophila" Fresta + Application: BlindBlog + Version: 1.3.1 + Website: http://sourceforge.net/projects/cbblog/ + Bugs: (A) SQL Injection (B) Authentication Bypass (C) Local File Inclusion + Exploitation: Remote + Date: 03 Mar 2009 + Discovered by: Salvatore "drosophila" Fresta + Author:...
Php168 v2008 Privilege Escalation Vulnerability
A brief analysis of this vulnerability: common.inc.php if($_SERVER['HTTP_CLIENT_IP']) $onlineip=$_SERVER['HTTP_CLIENT_IP']; elseif($_SERVER['HTTP_X_FORWARDED_FOR']) $onlineip=$_SERVER['HTTP_X_FORWARDED_FOR']; else $onlineip=$_SERVER['REMOTE_ADDR']; $onlineip = preg_replace("/^\d.+./", "\1", filtrate($onlineip));...
CVE-2009-0452
Multiple SQL injection vulnerabilities in parents/login.php in Online Grades 3.2.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameter...
RoundCube Webmail <= 0.2b Remote Code Execution Exploit
Exploit for unknown platform in category web applications ======================================================= RoundCube Webmail echo ini_get('disable_functions'); exec, system PHP passthru("id; uname -a"); uid=666(www-data) gid=666(www-data) groups=666(www-data) Linux mail 2.6.28 0 Sun Jan 01 10:05:33 CET...
CVE-2008-5624
PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting ...
PHP proc_open() safe_mode bypass
It's possible to execute any code from a shared library via proc_open()...
PHP php_getuid() invalid implementation
Under some conditions user's uid or gid may be incorrectly identified...
Woltlab Burning Board SQL injection flaw
The remote web server contains a PHP script that is susceptible to SQL injection attacks. Description: The remote version of Burning Board includes an optional module, the Database module, that fails to properly sanitize the 'fileid' parameter of the 'infodb.php' script, which can be exploited to...
PHP 5.2.6 - create_function() Code Injection (1)
PHP 5.2.6 - create_function() Code Injection (1) source: https://www.securityfocus.com/bid/31398/info PHP is prone to a code-injection weakness because it fails to sufficiently sanitize input to 'create_function()'. Note that the anonymous function returned need not be called for the supplied code to be...
CVE-2008-3659
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since...
php security and bug fix update
4.3.9-3.22.12 - set higher memory_limit in /usr/bin/pear 263501 4.3.9-3.22.11 - update to PEAR 1.4.9, matching RHEL-5 263501 bundle XML_RPC-1.5.0, Console_Getopt-1.2, Archive_Tar-1.3.1 fix paths in default pear.conf, installed PEAR registry replace /usr/bin/pear et al with simpler wrapper scripts...
CVE-2008-3072
CVE-2008-3072 affects Simple Machines Forum (SMF) versions 1.1.x prior to 1.1.5 and 1.0.x prior to 1.0.13 when running under PHP versions earlier than 4.2.0. The issue is that the random number generator is not seeded properly, with an impact that is currently described as unknown. The provided d...
Directory traversal
Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run...
PHP 5.2.6 sleep() Local Memory Exhaust Exploit
Exploit for multiple platform in category dos / poc ============================================== PHP 5.2.6 sleep() Local Memory Exhaust Exploit ============================================== There is some kind of issue in PHP we can run out memory even on SAFE_MODE script simply allocate maximum o...
PHP 5.2.6 - sleep() Local Memory Exhaust
PHP 5.2.6 - sleep() Local Memory Exhaust There is some kind of issue in PHP we can run out memory even on SAFE_MODE script simply allocate maximum of memory and go to sleep for, let's say 9999999 seconds. sleep() pass 'max_execution_time' setting. Ram eater sploit <? if (!$purl = @parse_url($url)) die('sorry,...