41 matches found
SecurityReason : PHP 5.2.6 (error_log) safe_mode bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SecurityReason.com PHP 5.2.6 errorlog safemode bypass Author: Maksymilian Arciemowicz cXIb8O3 securityreason.com Date: - - Written: 10.11.2008 - - Public: 20.11.2008 SecurityReason Research SecurityAlert Id: 57 CWE: CWE-264 SecurityRisk: Medium Affect...
php526-bypass.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SecurityReason.com PHP 5.2.6 errorlog safemode bypass Author: Maksymilian Arciemowicz cXIb8O3 securityreason.com Date: - - Written: 10.11.2008 - - Public: 20.11.2008 SecurityReason Research SecurityAlert Id: 57 CWE: CWE-264 SecurityRisk: Medium Affect...
PHP 5.2.6 - error_log Safe_mode Bypass
PHP 5.2.6 - errorlog Safemode Bypass SecurityReason.com PHP 5.2.6 errorlog safemode bypass Author: Maksymilian Arciemowicz cXIb8O3 securityreason.com Date: - - Written: 10.11.2008 - - Public: 20.11.2008 SecurityReason Research SecurityAlert Id: 57 CWE: CWE-264 SecurityRisk: Medium Affected...
Gentoo Security Advisory GLSA 200811-05 (php)
The remote host is missing updates announced in advisory GLSA 200811-05. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
PHP 'create_function()'代码注入漏洞
BUGTRAQ ID: 31398 CNCAN ID:CNCAN-2008092610 PHP是一款流行的WEB编程语言。 PHP不正确过滤传递给'createfunction'的输入,远程攻击者可以利用漏洞以特权应用程序权限执行任意代码。 PHP使用createfunction函数用于CREATE一个匿名函数: 1,使用createfunction建立一个匿名函数: ?php $newfunc = createfunction'$a,$b', 'return "ln$a + ln$b = " . log$a $b;'; echo "New anonymous function:...
PHP 5.2.6 - create_function() Code Injection (1)
PHP 5.2.6 - createfunction Code Injection 1 source: https://www.securityfocus.com/bid/31398/info PHP is prone to a code-injection weakness because it fails to sufficiently sanitize input to 'createfunction'. Note that the anonymous function returned need not be called for the supplied code to be...
PHP 5.2.6 - 'create_function()' Code Injection (1)
source: https://www.securityfocus.com/bid/31398/info PHP is prone to a code-injection weakness because it fails to sufficiently sanitize input to 'createfunction'. Note that the anonymous function returned need not be called for the supplied code to be executed. An attacker who can exploit this...
CVE-2008-4107
The 1 rand and 2 mtrand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x an...
CVE-2008-4107
The 1 rand and 2 mtrand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x an...
CVE-2008-3658
Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted font file...
Moderate: Red Hat Security Advisory: Red Hat Application Stack v2.1 security and enhancement update
Red Hat Application Stack v2.1 is now available. This update fixes various security issues and adds several enhancements. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Red Hat Application Stack is an integrated open source application...
CVE-2008-2829
phpimap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related...
PHP 5 'chdir()'和'ftok()' 'safe_mode'安全绕过漏洞
BUGTRAQ ID: 29796 CVE ID:CVE-2008-2666 CNCVE ID:CNCVE-20082666 PHP 5是一款开放源代码的网络编程语言。 PHP 5 'chdir'和'ftok'函数存在'safemode绕过问题,远程攻击者可以利用漏洞在未授权位置检测文件是否存在等敏感信息。 问题代码如下: - --- PHPFUNCTIONchdir char str; int ret, strlen; if zendparseparametersZENDNUMARGS TSRMLSCC, "s", &str, &strlen == FAILURE RETURNFALS...
PHP rfc822_write_address()函数缓冲区溢出漏洞
BUGTRAQ ID: 29829 PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的phpimap.c文件中的rfc822writeaddress函数将返回地址列表的全部长度限定在16383字节,但没有考虑缓冲区大小。如果用户在To:或Cc:字段提供了超长的地址列表的话,就可能触发缓冲区溢出,导致PHP出现SIGABRT而崩溃。 PHP 5.2.6 PHP --- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.php.net...
CVE-2008-2665
Directory traversal vulnerability in the posixaccess function in PHP 5.2.6 and earlier allows remote attackers to bypass safemode restrictions via a .. dot dot in an http URL, which results in the URL being canonicalized to a local filename after the safemode check has successfully run...
CVE-2008-2665
Directory traversal vulnerability in the posixaccess function in PHP 5.2.6 and earlier allows remote attackers to bypass safemode restrictions via a .. dot dot in an http URL, which results in the URL being canonicalized to a local filename after the safemode check has successfully run...
CVE-2008-2665
Directory traversal vulnerability in the posixaccess function in PHP 5.2.6 and earlier allows remote attackers to bypass safemode restrictions via a .. dot dot in an http URL, which results in the URL being canonicalized to a local filename after the safemode check has successfully run...
PHP 5.2.6 sleep() Local Memory Exhaust Exploit
No description provided by source. ?php sleep9999999; echo 'Hello World'; ? Will print hello world after 9999999 seconds... so maxexecutiontime simply dosnt work :P Why? we can find in manual:...
PHP 5.2.6 sleep() Local Memory Exhaust Exploit
Exploit for multiple platform in category dos / poc ============================================== PHP 5.2.6 sleep Local Memory Exhaust Exploit ============================================== There is some kind of issue in PHP we can run out memory even on SAFEMODE script simply allocate maximum o...
Stack overflow
Stack-based buffer overflow in the FastCGI SAPI fastcgi.c in PHP before 5.2.6 has unknown impact and attack vectors...