9 matches found
K17313: PHP vulnerability CVE-2014-4721
Security Advisory Description: The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain...
Type confusion
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process...
Geeklog <= 1.5.2 SEC_authenticate() SQL Injection Exploit
No description provided by source. <?php /* Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.geeklog.net/ credit goes to rgod, bug found more than a year ago working against PHP = 5....
Geeklog <= 1.5.2 SEC_authenticate() SQL Injection Exploit
No description provided by source. <?php /* Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.geeklog.net/ credit goes to rgod, bug found more than a year ago working against PHP = 5....
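Geeklog SEC_authenticate() Function SQL Injection Vulnerability
BUGTRAQ ID: 34456 Geeklog is a free, open-source web application. It lets users create a virtual community, manage users, post articles, and so on. Geeklog is implemented in PHP and uses MySQL as its backend database. The SEC_authenticate function in Geeklog's index.php module does not properly validate the user-supplied PHP_AUTH_USER and REMOTE_USER variable parameters, so a remote attacker can perform SQL injection attacks by submitting malicious query requests. The following is the vulnerable code segment at lines 34-53 of /public_html/webservices/atom/index.php: ... require_once...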
Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit
<?php /* Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.geeklog.net/ credit goes to rgod, bug found more than a year ago working against PHP = 5.0 google dorks: "By Geeklog" "Creat...
Geeklog 1.5.2 SQL Injection
= 5.0 google dorks: "By Geeklog" "Created this page in" +seconds +powered "By Geeklog" "Created this page in" +seconds +powered inurl:publichtml vulnerability, see /public_html/webservices/atom/index.php near lines 34-53: ... require_once '../../lib-common.php'; if PHP_VERSION 5...
CVE-2000-1230
The CVE-2000-1230 entry concerns Phorum 3.0.7, where a backdoor in auth.php3 allows remote attackers to access restricted web pages by sending an HTTP request with the PHP_AUTH_USER parameter set to boogieman. This describes a vulnerable component (auth.php3) and a clear attack vector (HTTP-based...
Phorum 3.0.7 - auth.php3 Backdoor Access
Phorum 3.0.7 - auth.php3 Backdoor Access source: https://www.securityfocus.com/bid/2274/info Phorum is a freely available, open source, popular WWW Board written by Brian Moon. It is designed to enhance the services offered on a web page, allow users to interact with one another through bulletin...