SUSE CVE-2007-3378

The 1 sessionsavepath, 2 iniset, and 3 errorlog functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safemode and openbasedir restrictions and possibly execute arbitrary commands, as demonstrated using a phpvalue, b...

Exploit for Out-of-bounds Write in Php

This is an exploit for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit works by setting the PHPVALUE path info to a malicious value, whic...