16 matches found
Internet Bug Bounty: Use after free with assign by ref to overloaded objects
Reported: 2015-07-15 16:30 UTC Fixed: 2015-07-21 14:20 UTC Bug Report: https://bugs.php.net/bug.php?id=70083 Fixed in PHP 5.6: http://git.php.net/?p=php-src.git;a=commitdiff;h=f57cb13c566613eec0e1c2f6d96d18565436a9b7 Fixed in 7:...
CVE-2006-5178
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as...
BRIM < 2.0.0 - SQL Injection
No description provided by source. BRIM 2.0.0 SQL Injection Exploit information - Exploit Title: BRIM 2.0.0 SQL Injection - Google Dork: Brim project intitle:Brim - login - Date: 2012-02-20 - Author: ifnull - Tested on: Apache/2.2.3, PHP/5.1.6, MySQL 5.0.45 - although it should work on any...
Artintern SQL Injection
Servia Kotisivut CMS SQL Injection
Servia Kotisivut CMS - Remote Based SQL Injection Exploit
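PHP mbstring.func_overload Webserver Local Denial of Service Vulnerability
BUGTRAQ ID: 33542 CVE ID: CVE-2009-0754 PHP is a widely used general-purpose scripting language, especially suited to web development, that can be embedded in HTML. PHP running on Apache allows local users to change the behaviour of other sites hosted on the same web server by modifying the mbstring.func_overload setting in .htaccess: the setting is applied to other virtual hosts on the same server, so that multibyte strings are no longer handled correctly. PHP PHP 5.1.6 PHP PHP 4.4.4 Vendor patch: PHP --- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://snaps.php.net/...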
Mandrake Security Advisory MDVSA-2009:066 (php)
The remote host is missing an update to php announced via advisory MDVSA-2009:066. OpenVAS Vulnerability Test $Id: mdksa2009066.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:066 php Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
Mandrake Security Advisory MDVSA-2009:066 (php)
The remote host is missing an update to php announced via advisory MDVSA-2009:066. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...
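PHP 5 'chdir()' and 'ftok()' 'safe_mode' Security Bypass Vulnerability
BUGTRAQ ID: 29796 CVE ID:CVE-2008-2666 CNCVE ID:CNCVE-20082666 PHP 5 is an open-source web programming language. The PHP 5 'chdir' and 'ftok' functions have a 'safe_mode' bypass issue; remote attackers can exploit the vulnerability to obtain sensitive information, such as whether a file exists, in locations they are not authorized to access. The problem code is as follows: - --- PHP_FUNCTION(chdir) { char *str; int ret, str_len; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &str, &str_len) == FAILURE) { RETURN_FALS...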
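Multiple Vulnerabilities in PHP 5.2.4 and Earlier
PHP is a popular web programming language. PHP has multiple security issues; remote attackers can exploit the vulnerabilities to carry out buffer overflow, denial of service, and security bypass attacks. - dl has a problem handling file names, which can lead to cross-site scripting attacks. - dl has a problem handling the size of the MAXPATHLEN parameter, which can lead to denial of service attacks. - htmlentities/htmlspecialchars have a problem handling some multibyte sequences. - The glibc implementations of the fnmatch, setlocale and glob functions have buffer overflows. Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 12.0 Slackware Linux 11.0...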
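PHP EXT/Session HTTP Response Header Injection Vulnerability
PHP is a widely used web development scripting language. PHP's ext/session does not URL-encode the session ID before placing it in the session cookie; remote attackers can exploit the vulnerability to carry out injection attacks on the session cookie. When PHP's ext/session calls session_start, it sends a new session cookie in some circumstances, as follows: - the session id is embedded in PATH_INFO - the session id is regenerated - the session id is set via session_id - session_start is called multiple times...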
readfile() Safe Mode Bypass PHP 5.2.1/ 5.1.6 / 4.4.4
SecurityRisk : DEN Remote Exploit : No Local Exploit : Yes Exploit Given : Yes Credit : The-WolF-kSA Date : 24.3.2007 Affected Software : PHP 5.2.1/ 5.1.6 / 4.4.4 readfile Safe Mode Bypass PHP 5.2.1/ 5.1.6 / 4.4.4 Author: ThE-WoLf-KsA Date: - -Written: 24.3.2007 - --- 0.Description --- - --- 1...
php-readfile.txt
SecurityRisk : DEN Remote Exploit : No Local Exploit : Yes Exploit Given : Yes Credit : The-WolF-kSA Date : 24.3.2007 Affected Software : PHP 5.2.1/ 5.1.6 / 4.4.4 readfile Safe Mode Bypass PHP 5.2.1/ 5.1.6 / 4.4.4 Author: ThE-WoLf-KsA Date: - -Written: 24.3.2007 - --- 0.Description --- - --- 1...
Fedora Core 5 : php-5.1.6-1.1 (2006-1024)
This update includes the latest upstream release of PHP 5.1, version 5.1.6, fixing a number of security vulnerabilities, and other bugs. An integer overflow was discovered in the PHP memory handling routines. If a script can cause memory allocation based on untrusted user data, a remote attacker...
CVE-2006-5178
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as...
CVE-2006-5178
CVE-2006-5178 is a race-condition vulnerability in the PHP 5.1.6 open_basedir path checks, caused by the symlink function. An attacker local to the system can exploit a sequence of symlink, mkdir, and unlink calls to alter the target path after the open_basedir check but before the file is opened...