PHP 5.x < 5.2.7 Multiple Vulnerabilities

Binary data 4779.prm...

PHP 5.4.x < 5.4.35 'donote' DoS

According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.35. It is, therefore, affected by an out-of-bounds read error in the function 'donote' within the file 'ext/fileinfo/libmagic/readelf.c' that could allow application crashes. Note that Nessus has not...

PHP 5.5.x < 5.5.19 'donote' DoS

According to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.19. It is, therefore, affected by an out-of-bounds read error in the function 'donote' within the file 'ext/fileinfo/libmagic/readelf.c' that could allow application crashes. Note that Nessus has not...

Monstra 3.0.1 HTTP Response Splitting

Monstra 5.1.2...

PHP 5.6.x < 5.6.1 'add_post_var' Code Execution

According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.1. It is, therefore, affected by errors related to the function 'addpostvar' within file 'posthandler.c', the input filters, and the 'efree' function. Input filters that free the 'ksep' variable can als...

PHP 5.5.x < 5.5.16 Multiple Vulnerabilities

According to its banner, the remote web server is running a version of PHP 5.5.x prior to 5.5.16. It is, therefore, affected by the following vulnerabilities : - LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file. By using a specially craft...

DLA-0018-1 php5 - security update

Bulletin has no description...

PHP <= 4.4.4/5.1.6 htmlentities() Local Buffer Overflow PoC

No description provided by source. ?php / Nick Kezhaya / / www.whitepaperclip.com / //instantiate a string $str1 = ; for$i=0; $i 64; $i++ $str1 .= toUTF977; //MUST start with 977 before bit-shifting htmlentities$str1, ENTNOQUOTES, UTF-8; //DoS here / htmlentities method automatically assumes it i...

PHP < 4.4.5 / 5.2.1 php_binary Session Deserialization Information Leak

No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...

torrenttrader 2.08 - Multiple Vulnerabilities

No description provided by source. waraxe-2012-SA089 - Multiple Vulnerabilities in TorrentTrader 2.08 =============================================================================== Author: Janek Vind waraxe Date: 17. September 2012 Location: Estonia, Tartu Web:...

phpMUR Remote File Disclosure Vulnerability

No description provided by source. Exploit Title: phpMUR Remote File Disclosure Date: 10/08/2010 Author: Offensive [email protected] Red-Stone On Inject0r Community ! Software Link: http://sourceforge.net/projects/phpmur Version : n/a Tested on: Windows XP C0nditi0ns : PHP Version 4.x.x Exploit...

zKup CMS 2.0 <= 2.3 - Remote Upload Exploit

No description provided by source. !/usr/bin/php ?php / Name: zKup CMS v2.0 = v2.3 0-day exploit upload Credits: Charles real F. charlesfolathotmail.fr Date: 03-08-2008 Conditions: PHP Version, magicquotesgpc=Off This exploit spawn a php uploader in your victim's server. Okay, you may need...

PHP <= 5.2.6 - chdir Function http URL Argument safe_mode Restriction Bypass

No description provided by source. source: http://www.securityfocus.com/bid/29796/info PHP is prone to multiple 'safemode' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to determine the presence of files in unauthorized locations; other attacks are also possible...

PHP < 4.4.5 / 5.2.1 _SESSION Deserialization Overwrite Exploit

No description provided by source...

PHP 5.2 Session.Save_Path() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21508/info PHP is prone to a 'safemode' and 'openbasedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations. This...

MercuryBoard <= 1.1.4 (User-Agent) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? printr' -------------------------------------------------------------------------------- MercuryBoard = 1.1.4 User-Agent SQL injection / privilege escalation exploit php version by rgod [email protected] site:...

PHP <= 4.4.4 unserialize() ZVAL Reference Counter Overflow Exploit PoC

No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...

PHP <= 4.4.6 ibase_connect() Local Buffer Overflow Exploit

No description provided by source. ?php // PHP = 4.4.6 ibaseconnect & ibasepconnect local buffer overflow // poc exploit // windows 2000 sp3 en / seh overwrite // by rgod // site: http://retrogod.altervista.org if !extensionloadedinterbase dieonly works with interbase extension ; $scode= \xeb\x1b...

PHP <= 4.4.6 / 5.2.1 ext/gd Already Freed Resources Usage Exploit

No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...

PHP < 4.4.5 / 5.2.1 (shmop Functions) Local Code Execution Exploit

No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...