Lucene search
K

534 matches found

seebug.org
seebug.org
added 2008/07/12 12:0 a.m.33 views

Dedecms V5可执行文件上传漏洞

这是一个比较有意思的东西,但是成功利用起来并不容易,呵呵。 首先看configrglobals.php文件,摘的一段代码如下。这里作者本意是为了帮我们注册变量的,但是他却疏忽了我们不但能注册变量,还能覆盖一些变量。configrglobalsmagic.php也有同样的问题 ………………………………………………………………………… ifisarray$GET foreach$GET AS $key = $value $$key = $value; //可以覆盖任意变量 ………… …………………………………………………………………………...

7.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2007/09/20 1:10 p.m.5 views

php money_format format string issue

The moneyformat function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple 1 %i and 2 %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability...

7.5CVSS5.8AI score0.02025EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2007/06/04 12:0 a.m.7 views

PT-2007-4176 · Php +1 · Php +1

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.2.3 PHP versions prior to 4.4.8 Description: The issue is related to multiple integer overflows in the chunk split function. This can be exploited by remote attackers to cause a denial of service crash or execute...

7.5CVSS7.4AI score0.90768EPSS
Exploits27References108
RedHat Linux
RedHat Linux
added 2007/04/20 9:47 a.m.4 views

security flaw

Multiple integer overflows in the 1 createwbmp and 2 readwbmp functions in wbmp.c in the GD library libgd in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap WBMP images with large width or height values...

6.8CVSS6.2AI score0.08321EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/04/20 9:47 a.m.4 views

security flaw

The mbparsestr function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal registerglobals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with registerglobals functionality that is not...

6.8CVSS5.9AI score0.05241EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/04/16 3:38 p.m.2 views

security flaw

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service stack exhaustion and PHP crash via deeply nested arrays, which trigger deep recursion in the variable destruction routines...

7.5CVSS7.2AI score0.18162EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/04/16 3:27 p.m.3 views

security flaw

Multiple integer overflows in the 1 createwbmp and 2 readwbmp functions in wbmp.c in the GD library libgd in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap WBMP images with large width or height values...

6.8CVSS6.2AI score0.08321EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/04/16 3:27 p.m.8 views

security flaw

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service stack exhaustion and PHP crash via deeply nested arrays, which trigger deep recursion in the variable destruction routines...

7.5CVSS7.2AI score0.18162EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/04/16 11:24 a.m.2 views

security flaw

Multiple integer overflows in the 1 createwbmp and 2 readwbmp functions in wbmp.c in the GD library libgd in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap WBMP images with large width or height values...

6.8CVSS6.2AI score0.08321EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/03/14 2:1 a.m.1 views

php session extension global variable clobber

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when registerglobals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling sessiondecode on a string beginning with...

6.8CVSS6.2AI score0.09233EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2007/02/21 12:42 p.m.1 views

php session extension information leak

The phpbinary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information memory contents via a serialized variable entry with a large length value, which triggers a buffer over-read...

5CVSS6AI score0.09082EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/02/19 9:8 p.m.13 views

php imap_mail_compose() buffer overflow via type.parameters

Buffer overflow in the imapmailcompose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3...

7.5CVSS6.3AI score0.10382EPSS
Exploits1References4
seebug.org
seebug.org
added 2006/12/23 12:0 a.m.13 views

KISGB <= 5.1.1 (authenticate.php) Remote File Include Vulnerability

No description provided by source. KISGB Keep It Simple Guest Book defaultpathforthemes Remote File Include +class : Remote File Include Vulnerability + +download link : http://phpnuke-downloads.com/modules.php?name=Downloads&dop=nsgetit&cid=14&lid=156&type=urlget +Author : mdx +Files :...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2006/12/23 12:0 a.m.57 views

KISGB (Keep It Simple Guest Book)* [default_path_for_themes] Remote File Include

KISGB Keep It Simple Guest Book defaultpathforthemes Remote File Include +class : Remote File Include Vulnerability + +download link : http://phpnuke-downloads.com/modules.php?name=Downloads&dop=nsgetit&cid=14&lid=156&type=urlget +Author : mdx +Files : +authenticate.php? +code : + +if...

0.8AI score
Exploits0
exploitpack
exploitpack
added 2006/12/22 12:0 a.m.9 views

KISGB 5.1.1 - Authenticate.php Remote File Inclusion

KISGB 5.1.1 - Authenticate.php Remote File Inclusion KISGB Keep It Simple Guest Book defaultpathforthemes Remote File Include +class : Remote File Include Vulnerability + +download link : http://phpnuke-downloads.com/modules.php?name=Downloads&dop=nsgetit&cid=14&lid=156&type=urlget +Author : mdx...

0.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2006/10/05 11:30 a.m.2 views

security flaw

Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function Zend/zendalloc.c...

10CVSS6.3AI score0.15011EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2006/07/27 8:5 p.m.3 views

security flaw

Cross-site scripting XSS vulnerability in phpinfo info.c in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including 1 a large number of dimensions or 2 long values, which prevents HTML tags from being removed...

4.3CVSS7.5AI score0.10813EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2006/07/27 8:5 p.m.2 views

security flaw

Cross-site scripting XSS vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."...

4.3CVSS7.5AI score0.48895EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2006/07/27 8:5 p.m.4 views

security flaw

Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass openbasedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function...

2.6CVSS7.5AI score0.06241EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2006/04/25 2:33 p.m.3 views

security flaw

Cross-site scripting XSS vulnerability in phpinfo info.c in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including 1 a large number of dimensions or 2 long values, which prevents HTML tags from being removed...

4.3CVSS7.5AI score0.10813EPSS
Exploits1References4
Rows per page
Query Builder