PHP 5.2.6 - 'sleep()' Local Memory Exhaust

There is some kind of issue in PHP we can run out memory even on SAFEMODE script simply allocate maximum of memory and go to sleep for, let's say 9999999 seconds. sleep pass 'maxexecutiontime' setting. Ram eater sploit ? if ! $purl = @parseurl$url die'sorry, parseurl function disabled Oo'; if !...

PHP -> set_time_limit

when safemode = on, settimelimit is "off", then we can use iniset"maxexecutiontime", 90000000; suppose the server is vulnerable PHP injection, then an attacker make a backdoor in PHP and register it in SCM of windows with win32service extension. the backdoor need wait for connections, if safemode...

PHP-Nuke News Module Index.PHP SQL注入漏洞

PHP-Nuke News是一款基于PHP-Nuke的一个新闻模块。 PHP-Nuke News不充分过滤用户提交的URI输入，远程攻击者可以利用漏洞进行SQL注入攻击，获得敏感信息。 问题是'Index.PHP'脚本对用户提交的'sid'参数缺少过滤，提交恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息。 PHP-Nuke PHP-Nuke 7.9 PHP-Nuke PHP-Nuke 7.8 PHP-Nuke PHP-Nuke 7.7 PHP-Nuke PHP-Nuke 7.6 PHP-Nuke PHP-Nuke 7.5 PHP-Nuke PHP-Nuke 7.4...

CVE-2004-1466

CVE-2004-1466 affects Gallery. Vulnerable in the upload handling where save_photos.php stores uploads in a temporary directory; if that directory is under the webroot, a remote attacker could upload a PHP file and, within a 30‑second window before deletion, execute arbitrary code. The issue is tr...