
36 matches found

Packet Storm
added 2009/05/27 12:0 a.m. | 31 views

cpCommerce 1.2.x File Inclusion

#!/usr/bin/perl cpCommerce 1.2.x GLOBALSprefix Arbitrary File Inclusion Exploit by staker mail: stakerathotmaildotit url: http://cpcommerce.cpradio.org it works with register_globals=on if you wanna carry out a LFI - mq=off short explanation: cpCommerce contains one flaw that allows an attacker to...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2008/05/19 12:0 a.m. | 272 views

Debian DSA-1578-1 : php4 - several vulnerabilities

Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3799 The session_start function allows remote attackers to insert arbitrary attributes int...

10 CVSS | 5.7 AI score | 0.09249 EPSS
Exploits: 1 | References: 11
Tenable Nessus
added 2008/01/04 12:0 a.m. | 40 views

Debian DSA-1444-2 : php5 - several vulnerabilities

It was discovered that the patch for CVE-2007-4659 could lead to regressions in some scenarios. The fix has been reverted for now, a revised update will be provided in a future PHP DSA. For reference the original advisory below : Several remote vulnerabilities have been discovered in PHP, a...

7.5 CVSS | 5.9 AI score | 0.09249 EPSS
Exploits: 0 | References: 22
Debian
added 2008/01/03 8:25 p.m. | 61 views

[SECURITY] [DSA 1444-1] New php5 packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-1444-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 03, 2008 http://www.debian.org/security/faq -...

7.5 CVSS | 8 AI score | 0.09249 EPSS
Exploits: 0
NVD
added 2007/07/16 10:30 p.m. | 16 views

CVE-2007-3799

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which...

4.3 CVSS | 9.5 AI score | 0.09249 EPSS
Exploits: 0 | References: 32
Prion
added 2007/07/16 10:30 p.m. | 29 views

Sql injection

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which...

4.3 CVSS | 6.6 AI score | 0.09249 EPSS
Exploits: 0 | References: 32 | Affected Software: 1
Cvelist
added 2007/07/16 10:0 p.m. | 21 views

CVE-2007-3799

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which...

7.7 AI score | 0.09249 EPSS
Exploits: 0 | References: 32
CVE
added 2007/07/16 10:0 p.m. | 108 views

CVE-2007-3799

CVE-2007-3799 is a PHP vulnerability in the session cookie handling within ext/session. Reports indicate that PHP 4.x (up to 4.4.7) and 5.x (up to 5.2.3) allows remote attackers to insert arbitrary attributes into the session cookie. This can occur via a cookie sourced from (1) PATH_INFO, (2) the...

4.3 CVSS | 7.7 AI score | 0.09249 EPSS
Exploits: 0 | References: 32 | Affected Software: 1
seebug.org
added 2007/06/04 12:0 a.m. | 55 views

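PHP EXT/Session HTTP Response Header Injection Vulnerability

PHP is a widely used web development scripting language. PHP's ext/session does not URL-encode the session ID before placing it in the session cookie, so a remote attacker can exploit the vulnerability to inject content into the session cookie. When PHP's ext/session calls session_start, a new session cookie is sent in certain situations, as follows: - the session id is embedded in PATH_INFO - the session id is regenerated - the session id is set via session_id - session_start is called multiple times...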

6.8 AI score
Exploits: 0
myhack58
added 2007/04/23 12:0 a.m. | 17 views

Netmao Movie network cat movie system vulnerabilities-vulnerability warning-the black bar safety net

IceskYsl in NOHACK published on the php vulnerabilities topic. The first is the include file vulnerability. So today I quickly found one, not exclusive to! Huh. Program: Netmao Movie network cat movie system. Description: now its latest version is 3. 0, due to the encryption, so it is not good to...

0.1 AI score
Exploits: 0
seebug.org
added 2007/03/26 12:0 a.m. | 51 views

PHP < 4.4.5 / 5.2.1 _SESSION unset() Local Exploit

No description provided by source.

7.1 AI score
Exploits: 0
securityvulns
added 2006/12/09 12:0 a.m. | 155 views

PHP 5.2.0 session.save_path safe_mode and open_basedir bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.0 session.save_path safe_mode and open_basedir bypass Author: Maksymilian Arciemowicz SecurityReason Date: - - Written: 02.10.2006 - - Public: 08.12.2006 SecurityAlert Id: 43 CVE: CVE-2006-6383 SecurityRisk: High Affected Software: PHP 5.2.0...

4.6 CVSS | 0.00397 EPSS
Exploits: 1
seebug.org
added 2006/11/18 12:0 a.m. | 33 views

miniCWB <= 1.0.0 (contact.php) Local File Include Exploit

No description provided by source.

7.1 AI score
Exploits: 0
NVD
added 2006/02/10 11:2 a.m. | 12 views

CVE-2006-0636

desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using...

7.5 CVSS | 7.7 AI score | 0.01269 EPSS
Exploits: 0 | References: 8
UbuntuCve
added 2005/11/01 9:2 p.m. | 17 views

CVE-2005-3416

phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge functi...

7.5 CVSS | 5.8 AI score | 0.00842 EPSS
Exploits: 0 | References: 1
NVD
added 2005/11/01 9:2 p.m. | 11 views

CVE-2005-3416

phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge functi...

7.5 CVSS | 6.5 AI score | 0.00842 EPSS
Exploits: 0 | References: 9