PHP 5.x < 5.2.7 Multiple Vulnerabilities

Binary data 4779.prm...

PHP 5.5.x < 5.5.19 'donote' DoS

According to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.19. It is, therefore, affected by an out-of-bounds read error in the function 'donote' within the file 'ext/fileinfo/libmagic/readelf.c' that could allow application crashes. Note that Nessus has not...

PHP 5.4.x < 5.4.35 'donote' DoS

According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.35. It is, therefore, affected by an out-of-bounds read error in the function 'donote' within the file 'ext/fileinfo/libmagic/readelf.c' that could allow application crashes. Note that Nessus has not...

Monstra 3.0.1 HTTP Response Splitting

Monstra 5.1.2...

PHP 5.6.x < 5.6.1 'add_post_var' Code Execution

According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.1. It is, therefore, affected by errors related to the function 'addpostvar' within file 'posthandler.c', the input filters, and the 'efree' function. Input filters that free the 'ksep' variable can als...

PHP 5.5.x < 5.5.16 Multiple Vulnerabilities

According to its banner, the remote web server is running a version of PHP 5.5.x prior to 5.5.16. It is, therefore, affected by the following vulnerabilities : - LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file. By using a specially craft...

DLA-0018-1 php5 - security update

Bulletin has no description...

PHP <= 3.0.13 'safe_mode' Failure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/911/info PHP Version 3.0 is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web...

torrenttrader 2.08 - Multiple Vulnerabilities

No description provided by source. waraxe-2012-SA089 - Multiple Vulnerabilities in TorrentTrader 2.08 =============================================================================== Author: Janek Vind waraxe Date: 17. September 2012 Location: Estonia, Tartu Web:...

phpMUR Remote File Disclosure Vulnerability

No description provided by source. Exploit Title: phpMUR Remote File Disclosure Date: 10/08/2010 Author: Offensive [email protected] Red-Stone On Inject0r Community ! Software Link: http://sourceforge.net/projects/phpmur Version : n/a Tested on: Windows XP C0nditi0ns : PHP Version 4.x.x Exploit...

PHP Agenda 2.2.8 - SQL Injection Vulnerability

No description provided by source. Title:Simple PHP Agenda 2.2.8 SQLi Vulnerability Version: php-agenda 2.2.8 Author/Found by: loneferret Manifacturer/Software link: http://sourceforge.net/projects/php-agenda/files/latest/download Other vulnerability: http://www.exploit-db.com/exploits/18694/ Dat...

zKup CMS 2.0 <= 2.3 - Remote Upload Exploit

No description provided by source. !/usr/bin/php ?php / Name: zKup CMS v2.0 = v2.3 0-day exploit upload Credits: Charles real F. charlesfolathotmail.fr Date: 03-08-2008 Conditions: PHP Version, magicquotesgpc=Off This exploit spawn a php uploader in your victim's server. Okay, you may need...

PBBoard 2.1.4 - Multiple SQL Injection Vulnerabilities

No description provided by source. Title: PBBoard v2.1.4 multiple SQLi Vulnerabilities Version: 2.1.4 Author/Found by: loneferret Software Site: http://www.pbboard.com/PBBoardv2.1.4.zip Other vulnerabilities: http://www.exploit-db.com/exploits/18937/ Date found: May 29th 2012 Tested on: Ubuntu...

PHP <= 5.2.6 - chdir Function http URL Argument safe_mode Restriction Bypass

No description provided by source. source: http://www.securityfocus.com/bid/29796/info PHP is prone to multiple 'safemode' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to determine the presence of files in unauthorized locations; other attacks are also possible...

PHP < 4.4.5 / 5.2.1 php_binary Session Deserialization Information Leak

No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...

PHP < 4.4.5 / 5.2.1 (shmop Functions) Local Code Execution Exploit

No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...

PHP < 4.4.5 / 5.2.1 (shmop) SSL RSA Private-Key Disclosure Exploit

No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...

PHP <= 4.4.4/5.1.6 htmlentities() Local Buffer Overflow PoC

No description provided by source. ?php / Nick Kezhaya / / www.whitepaperclip.com / //instantiate a string $str1 = ; for$i=0; $i 64; $i++ $str1 .= toUTF977; //MUST start with 977 before bit-shifting htmlentities$str1, ENTNOQUOTES, UTF-8; //DoS here / htmlentities method automatically assumes it i...

PHP <= 4.4.6 ibase_connect() Local Buffer Overflow Exploit

No description provided by source. ?php // PHP = 4.4.6 ibaseconnect & ibasepconnect local buffer overflow // poc exploit // windows 2000 sp3 en / seh overwrite // by rgod // site: http://retrogod.altervista.org if !extensionloadedinterbase dieonly works with interbase extension ; $scode= \xeb\x1b...

PHP <= 5.2.1 substr_compare() Information Leak Exploit

No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...