654 matches found
rspa-rfi.txt
RSPA Remote File Inclusion Really Simple PHP and Ajax RSPA RSPA is a component based event driven ajax enabled framework for PHP4 and PHP 5. It is a combination of plain PHP class and HTML/Javascript. RSPA allows calling server side PHP functions from client javascript events. Visit...
PHP 5.1.6 - Msg_Receive() Memory Allocation Integer Overflow
PHP 5.1.6 - Msg_Receive() Memory Allocation Integer Overflow source: https://www.securityfocus.com/bid/23236/info PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrup...
EUVD-2007-1575
The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PH...
MOPB-hash.txt
<?php // Proof of concept code from the Hardened-PHP Project // (C) Copyright 2007 Stefan...
MOPB-extfilter.txt
<?php // Proof of concept code from the Hardened-PHP Project // (C) Copyright 2007 Stefan...
MOPB-rejected.txt
= 5.2.0"; findOffsets...
PHP 5.2.1 - hash_update_file() Freed Resource Usage
PHP 5.2.1 - hash_update_file() Freed Resource Usage <?php // Proof of concept code from the...
PHP <= 4.4.6 / 5.2.1 array_user_key_compare() ZVAL dtor Local Exploit
No description provided by source. <?php...
PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local Overflow
<?php // Proof of concept code from the Hardened-PHP Project // (C) Copyright 2007 Stefan...
PHP 5.2.0/5.2.1 Rejected Session ID Double Free Exploit
No description provided by source. <?php // Proof of concept code from the Hardened-PHP...
PHP 5.2.1 - session_regenerate_id() Double-Free
PHP 5.2.1 - session_regenerate_id() Double-Free <?php // Proof of concept code from the...
PHP <= 5.2.1 session_regenerate_id() Double Free Exploit
No description provided by source. <?php // Proof of concept code from the Hardened-PHP...
PHP 5.2.1 - 'session_regenerate_id()' Double-Free
<?php // Proof of concept code from the Hardened-PHP Project // (C) Copyright 2007 Stefan...
CVE-2007-1383
Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286...
PHP 5.2.0 - EXTFilter FDF Post Filter Bypass
PHP 5.2.0 - EXTFilter FDF Post Filter Bypass alert/XSS/;"; $POST'var2' = " ' UNION SELECT "; $url = "http://127.0.0.1/info.php"; // You do not need to change anything below this $outfdf = fdfcreate; foreach $POST as $key = $value fdfsetvalue$outfdf, $key, $value, 0; fdfsave$outfdf, "outtest.fdf";...
MOPB-17-2007:PHP ext/filter FDF Post Bypass Vulnerability
Summary Since PHP 5.2.0 there is a new filtering extension in PHP that is on the one hand supposed to be used by applications to filter user input and on the other hand able to enforce site wide filtering. However due to its broken design it is possible to sneak POST data through the site wide...
PHP 5.2.0 / PHP with PECL ZIP <= 1.8.3 zip:// URL Wrapper BoF Exploit
Exploit for Linux platform in category local exploits. PHP 5.2.0 / PHP with PECL ZIP <= 1.8.3 zip:// URL Wrapper BoF Exploit <?php...
CVE-2007-1286
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter...
MOPB-01-2007:PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability
Summary The Month of PHP Bugs starts with a PHP 4 security vulnerability that exploits a problem known for many years among the PHP developers. When a PHP application is run in PHP 4 it can overflow the variable reference counter because it is only 16 bit wide. Whenever this happens it will resul...
Multiple PHP security vulnerabilities
Cross-site scripting, DoS, protection bypass, buffer overflows...