96 matches found
FireAnt 1.3 - 'index.php' Local File Inclusion
Name : FireAnt v1.3 Local File Inclusion Vulnerability Author : cOndemned Dork : use Your brain : Greetz : ZaBeaTy, str0ke, GregStar, irk4z, Sandtalker & Avantura ; Source : // index.php 8. $page = "buglist"; //default page 9. if !empty$GET'page' 10. $page = striptags$GET'page'; 99. if...
Debian Security Advisory DSA 531-1 (php4)
The remote host is missing an update to php4 announced via advisory DSA 531-1. OpenVAS Vulnerability Test $Id: deb5311.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 531-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
shoutpro-pwn.txt
?php echo "\n"; echo " Special Greetings To - Timq,Warpboy,The-Maggot \n"; echo "\n\n\n"; //Writes Files - Under 100 bytes to meet requireme...
ls-exec.txt
Special Greetings To - Timq,Warpboy,The-Maggot File: index.php Affects: LS simple guestbook v1 Date: 15th April 2007 Issue Description: =========================================================================== LS simple guestbook fails to sanitize user input that it writes to the posts.txt file...
ShoutPro <= 1.5.2 (shout.php) Remote Code Injection Exploit
Exploit for unknown platform in category web applications =========================================================== ShoutPro ?php echo "...
php < 4.3.8
The remote host is running a version of PHP 4.3 which is older or equal to 4.3.7. There is a bug in the remote version of this software which may allow an attacker to execute arbitrary code on the remote host if the option memorylimit is set. Another bug in the function striptags may allow an...
FreeBSD : php -- strip_tags XSS vulnerability (edf61c61-0f07-11d9-8393-000103ccf9d6)
Stefan Esser of e-matters discovered that PHP's striptags function would ignore certain characters during parsing of tags, allowing these tags to pass through. Select browsers could then parse these tags, possibly allowing cross-site scripting attacks. %NASLMINLEVEL 70300 C Tenable Network...
GLSA-200407-13 : PHP: Multiple security vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200407-13 PHP: Multiple security vulnerabilities Several security vulnerabilities were found and fixed in version 4.3.8 of PHP. The striptags function, used to sanitize user input, could in certain cases allow tags containing \0...
security flaw
The striptags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null \0 characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and...
[SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 531-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 20th, 2004 http://www.debian.org/security/faq -...
PHP
New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues memorylimit handling and a problem in the striptags function. Sites using PHP should upgrade. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database:...
Important: Red Hat Security Advisory: php security update
Updated php packages that fix various security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. Stefan Esser discovered a flaw when memorylimit is enabled in versions of PHP 4 before 4.3.8. If a remote attacker could force the PHP...
Important: Red Hat Security Advisory: php security update
Updated php packages that fix various security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. Stefan Esser discovered a flaw when memorylimit configuration setting is enabled in versions of PHP 4 before 4.3.8. If a remote attacker...
[Full-Disclosure] Advisory 12/2004: PHP strip_tags() bypass vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 e-matters GmbH www.e-matters.de -= Security Advisory =- Advisory: PHP striptags bypass vulnerability Release Date: 2004/07/14 Last Modified: 2004/07/14 Author: Stefan Esser [email protected] Application: PHP = 4.3.7 PHP5 = 5.0.0RC3 Severity: A bina...
PHP 4.x5.0 - Strip_Tags() Function Bypass
PHP 4.x5.0 - StripTags Function Bypass source: https://www.securityfocus.com/bid/10724/info It is reported that it is possible to bypass PHPs striptags function. It is reported that under certain circumstances, PHPs striptags function will improperly leave malformed tags in place. This...
php -- strip_tags cross-site scripting vulnerability
Stefan Esser of e-matters discovered that PHP's striptags function would ignore certain characters during parsing of tags, allowing these tags to pass through. Select browsers could then parse these tags, possibly allowing cross-site scripting attacks...