35 matches found
PHP <= 5.2.1 session_regenerate_id() Double Free Exploit
No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...
PHP 5.2.0 (OSX) - EXT/Filter Space Trimming Buffer Underflow
?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP Project // // C Copyright 2007 Stefan...
CVE-2007-1375
Integer overflow in the substrcompare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991...
MOPB-14-2007:PHP substr_compare() Information Leak Vulnerability
Summary PHP 5 comes with the substrcompare function that allows binary safe, optionally case insensitive, comparison of 2 strings from an offset, up to length characters. Due to an integer overflow while performing sanity checks on the arguments it is possible to compare offsets far outside the...
PHP <= 5.2.1 substr_compare() Information Leak Exploit
No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || // // | |/ || '|/ |/ -| ' / -/ |||| /| || / //...
PHP <= 5.2.1 substr_compare() Information Leak Exploit
No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...
PHP <= 5.2.1 substr_compare() Information Leak Exploit
Exploit for multiple platform in category local exploits ====================================================== PHP = 5.2.1 substrcompare Information Leak Exploit ====================================================== ?php //////////////////////////////////////////////////////////////////////// /...
PHP 5.2.1 - 'substr_compare()' Information Leak
?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP Project // // C Copyright 2007 Stefan...
PHP 5.2.1 - substr_compare() Information Leak
PHP 5.2.1 - substrcompare Information Leak ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the...
SUSE-SA:2006:031: PHP4,PHP5
The remote host is missing the patch for the advisory SUSE-SA:2006:031 PHP4,PHP5. This update fixes the following security issues in the PHP scripting language, both version 4 and 5: - Invalid characters in session names were not blocked. - CVE-2006-2657: A bug in zendhashdel allowed attackers to...
PHP多个远程安全漏洞
PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的substrcompare函数没有正确的验证偏移/长度参数。此外,PHP还没有正确的处理会话名称中的某些字符。攻击者可以利用这些漏洞远程执行任意代码。 PHP PHP 4.4.x 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.php.net/downloads.php...
USN-320-1: PHP vulnerabilities
The phpinfo PHP function did not properly sanitize long strings. A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo. Please note that it is not recommended to publicly expose phpinfo. CVE-2006-0996 An...
CVE-2006-1991
The substrcompare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service memory access violation via an out-of-bounds offset argument...
Design/Logic Flaw
The substrcompare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service memory access violation via an out-of-bounds offset argument...
CVE-2006-1991
The substrcompare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service memory access violation via an out-of-bounds offset argument...