737 matches found
Atmail Remote Authentication Bypass, Full DB Compromise
@Mail PHP Version 5.41 patch Release http://atmail.com/demo/atmailphpdemo.tgz The default install of Atmail 5.41 creates the following file in the atmail/ directory: build-plesk-upgrade.php If that file is called via http, such as: http://example.com/atmail/build-plesk-upgrade.php it will execute...
Vulnerabilities in Power Phlogger
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting и Information disclosure уязвимостях в Power Phlogger. XSS: В скрипте dspLogs.php. http://site/dspLogs.php?Shostname=223E3Cscript3Ealertdocument.cookie3C/script3E...
Uebimiau Web-Mail 2.7.10/2.7.2 - Remote File Disclosure
---- Uebimiau Web-Mail Remote File Reader ... ITDefence.ru Antichat.ru Uebimiau Web-Mail Remote File Reader Eugene Minaev [email protected] / \ \ \ / .\ / /// // / \ / \ // / / / /// /\ / / / / // / / / / / /\ / / / / / / / / / / / //\ \ / / / / // / // / /\ / // 2007 //// // //\ \ \...
PHP 5.2.4 ionCube - ioncube_read_file Safe Mode disable_functions Bypass
PHP 5.2.4 ionCube - ioncubereadfile Safe Mode disablefunctions Bypass ionCube output:"; echo $MyBootioncube; ? milw0rm.com 2007-10-11...
DEBIAN-CVE-2007-4840
PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service application crash via 1 a long string in the outcharset parameter to the iconv function; or a long string in the charset parameter to the 2 iconvmimedecodeheaders, 3 iconvmimedecode, or 4 iconvstrlen function...
CVE-2007-4825
CVE-2007-4825 is a directory traversal vulnerability in PHP 5.2.4 and earlier that allows bypassing open_basedir restrictions and may enable arbitrary code execution via .. in the dl() function. The vulnerability is cited in multiple advisories (SUSE/CVE-2007-4825) and is reflected in an NVD entr...
Remote code execution
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service application crash via 1 a long string in the pattern parameter to the glob function; or 2 a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...
CVE-2007-4782
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service application crash via 1 a long string in the pattern parameter to the glob function; or 2 a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...
PHP <= 5.2.3 (php_win32sti) Local Buffer Overflow Exploit
No description provided by source. ?php / Inphex 317 Bytes , Windows Command Shell Bind TCP Inline , Architecture x86 , Windows TinyXP - vm. GET /script.php HTTP/1.1\n telnet 192.168.2.32 4444 Microsoft Windows XP Version 5.1.2600 C Copyright 1985-2001 Microsoft Corp. C:\apache...
PHP <= 5.2.0 (php_win32sti) Local Buffer Overflow PoC (win32)
Exploit for unknown platform in category dos / poc ============================================================= PHP // x Risk: Local Buffer Overflow Medium - High Risk // x Notes: EDX and EIP are able to be controlled and therefore // have the potential to dictate program flow. // // x "Sangre,...
php 5.2.3 localexploit for win-vulnerability warning-the black bar safety net
Ghost earners note: the compressed package there are two files, respectively snmpexploit.php References //PHP = 5.2.3 snmpget object id local Buffer Overflow eip overwrite exploit //by GaRY wofeiwoatgmaildotcom //Based on by shinnai //Just change the shellcode //Tested on xp Pro sp2 cn...
PHP 5.2.3 Win32std - win_shell_execute Safe Mode Disable Functions Bypass
PHP 5.2.3 Win32std - winshellexecute Safe Mode Disable Functions Bypass milw0rm.com 2007-07-24...
CVE-2007-2727
The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...
XAMPP for Windows <= 1.6.0a mssql_connect() Remote BoF Exploit
Exploit for unknown platform in category remote exploits ============================================================== XAMPP for Windows Connect$POST'host', $POST'user', $POST'password', $POST'database'; echo "DBServer: $POSTdbserver"; $result = $db-Execute"SELECT FROM $POSTtable";...
PunBB <= 1.2.14 Multiple Vulnerabilities (Advisory)
Title: PunBB = 1.2.14 Multiple Vulnerabilities Author: DarkFig gmdarkfig at gmail dot com Written on: 2007/04/08 Released on: 2007/04/11 Risk level: High URL: http://www.acid-root.new.fr/advisories/13070411.txt Summary: SQL Injection, Cross site scripting, Code execution Solution: A new version o...
Woven dream content management system(DEDECMS 3.the X+4. X upload vulnerability-vulnerability warning-the black bar safety net
Ghost boy note:accurate to say should be DEDECMS used in the php version of FCKeditor there upload vulnerability, the gif89a file header to cheat, did not expect the php version of FCKeditor, even the existence of such a vulnerability, the gif89a file header spoofing is not fresh things. Sources ...
WebSPELL <= 4.01.02 (picture.php) File Disclosure Vulnerability
Exploit for unknown platform in category web applications =============================================================== WebSPELL = 4.01.02 picture.php File Disclosure Vulnerability =============================================================== WebSPELL = 4.01.02 picture.php Remote File...
MOPB-sessiondecode.txt
...
PHP < 4.4.5/5.2.1 - '_SESSION' Deserialization Overwrite
?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP Project // // C Copyright 2007 Stefan...
PHP GD扩展释放资源访问代码执行漏洞
PHP是一款广泛使用的WEB开发脚本语言。 PHP GD扩展存在设计错误,远程攻击者可能利用此漏洞获得对释放内存的访问并使用恶意数据覆盖而执行任意代码。 问题存在于GD函数中,在通过资源识别器获得资源数据后,可能用usercode来中断PHP函数,usercode就会会破坏资源,并获取与其内存相同位置来分配PHP字符串相同大小的空间作为释放资源。这个字符串可以用于建立特定构建的资源,以允许利用内部PHP函数,当恶意中断终止函数时,会继续使用替代资源数据。导致任意代码执行。 要获得需要的函数中断,通常需要放置对象到函数的某个参数中,这会在转化一个超长值时触发PHP错误。 PHP PHP...