75 matches found
By PHP deserialization remote code execution-vulnerability warning-the black bar safety net
In the NotSoSecure, we will conduct penetration testing or code review, but recently we came across an interesting PHP code, which could lead to remote code execution RCE)vulnerabilities, but its use was a bit tricky. Experienced a few trying to crack this Code of sleepless nights, we are convinc...
Apple Yosemite operating system local to mention the right to: EXP length of not more than a Twitter-bug warning-the black bar safety net
Apple's latestoperating systemYosemite was broke a local mention the right vulnerability, the vulnerability is by the German security researcher Stefan Esser discovered and has been in OS X 10.10-10.10.4 version of the test is successful. If you want to fix the vulnerability, please upgrade to th...
Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation
In Apple OS X 10.10.4 and prior, the DYLDPRINTTOFILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries. This module requir...
Hacker Demonstrates iOS 8.4 Jailbreak
Quite surprising but the just released Apple’s iOS 8.4 beta has been jailbroken by a well-known hacker. Yes, the first beta of iOS 8.4 released by Apple to the developers last week has been jailbroken by Stefan Esser, commonly known as "i0n1c" in the jailbreak community. i0n1c has also shared a...
Debian DSA-3195-1 : php5 - security update
Multiple vulnerabilities have been discovered in the PHP language : - CVE-2015-2305 Guido Vranken discovered a heap overflow in the ereg extension only applicable to 32 bit systems. - CVE-2014-9705 Buffer overflow in the enchant extension. - CVE-2015-0231 Stefan Esser discovered a use-after-free ...
Drupal 7.0 7.31 - Drupalgeddon SQL Injection (Remote Code Execution)
Drupal 7.0 7.31 - Drupalgeddon SQL Injection Remote Code Execution // and Stefan Esser //· include 'common.inc'; include 'password.inc'; // set values $userid = 0; $username = ''; $codeinject = 'phpinfo;sessiondestroy;die"";'; $url = isset$argv1?$argv1:''; $code = isset$argv2?$argv2:''; if $url =...
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Remote Code Execution)
// and Stefan Esser //· include 'common.inc'; include 'password.inc'; // set values $userid = 0; $username = ''; $codeinject = 'phpinfo;sessiondestroy;die"";'; $url = isset$argv1?$argv1:''; $code = isset$argv2?$argv2:''; if $url == '-h' echo "usage:\n"; echo $argv0.' $url $code|$file'."\n"; die; ...
Debian DSA-2974-1 : php5 - security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-0207 Francisco Alonso of the Red Hat Security Response Team reported an...
PHP5. 6 is found to exist the heap overflow vulnerability-vulnerability warning-the black bar safety net
This vulnerability should not Stefan Esser discovered, it should be is Stefan Esser saw the github commit only with the rattan touch melon find this vulnerability, it appears that the attention of the update is indeed a good habit. Body Vulnerability exists in DNS TXT record parsing this function...
PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)
No description provided by source. $Id: phpunserializezvalcookie.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
PHP <= 4.3.7/ 5.0.0RC3 memory_limit Remote Exploit
No description provided by source. / Remote exploit for the php memorylimit vulnerability found by Stefan Esser in php 4 = 4.3.7 and php 5 = 5.0.0RC3. by Gyan Chawdhary [email protected] felinemenace.org/gyan Greets S.Esser for the vuln and mlxdebug.tgz, everything in the code is based on it...
PHP <= 4.4.4 unserialize() ZVAL Reference Counter Overflow Exploit PoC
No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...
PHP < 4.5.0 - unserialize Overflow
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
PunBB <= 1.2.16 - Blind Password Recovery Exploit
No description provided by source. ?php / Original : http://sektioneins.de/advisories/SE-2008-01.txt Thanks to Stefan Esser, here's the exploit. Team : EpiBite firefox, petit-poney, thot Nous tenons a remercier nos mamans et papas respectifs. Let's get a fu coffee ! / // conf define'URL',...
PHP openssl_x509_parse() - Memory Corruption Vulnerability
No description provided by source. SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP opensslx509parse Memory Corruption Vulnerability Release Date: 2013/12/13 Last Modified: 2013/12/13 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHP 4.0.6 - PHP 4.4.9 PHP...
How To Jailbreak iOS 7.1 And 7.1.1 Untethered Using 'Pangu' Jailbreak Tool
Quite Surprisingly, a team of Chinese hackers, Pangu have released an untethered jailbreak for iOS 7.1 and iOS 7.1.1. This untethered jailbreak is compatible with iPhone 5s, iPhone 5c, iPhone 4S, iPhone 4, iPad Air, iPad 4, iPad 3, iPad 2, iPad mini, Retina iPad mini and iPod touch 5G running iOS...
USN-2254-1: PHP vulnerabilities
Christian Hoffmann discovered that the PHP FastCGI Process Manager FPM set incorrect permissions on the UNIX socket. A local attacker could use this issue to possibly elevate their privileges. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. CVE-2014-0185 Francisco...
Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP opensslx509parse Memory Corruption Vulnerability Release Date: 2013/12/13 Last Modified: 2013/12/13 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHP 4.0.6 - PHP 4.4.9 PHP 5.0.x PHP 5.1.x PHP 5.2.x PHP 5.3....
PHP - openssl_x509_parse() Memory Corruption
PHP - opensslx509parse Memory Corruption SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP opensslx509parse Memory Corruption Vulnerability Release Date: 2013/12/13 Last Modified: 2013/12/13 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHP 4.0.6 - PHP 4.4...
PHP openssl_x509_parse() Memory Corruption
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP opensslx509parse Memory Corruption Vulnerability Release Date: 2013/12/13 Last Modified: 2013/12/13 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHP 4.0.6 - PHP 4.4.9 PHP 5.0.x PHP 5.1.x PHP 5.2.x PHP 5.3....