Immunity Canvas: CVE_2014_5460

Name| CVE20145460 ---|--- CVE| CVE-2014-5460 Exploit Pack| CANVAS Description| CVE-2014-5460 Notes| CVE Name: CVE-2014-5460 VENDOR: Tribulant Changelog: https://wordpress.org/plugins/slideshow-gallery/changelog/ Notes: If the Suhosin-Patch is installed typically announced in the PHP banner the...

WordPress Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability

No description provided by source. !/usr/bin/ruby Exploit Title: WordPress Count per Day 3.2.5 CSRF Google Dork: inurl:/wp-content/plugins/count-per-day Date: 18.03.2013 Exploit Author: m3tamantra http://m3tamantra.wordpress.com/blog Vendor Homepage:...

Limonade Framework 3.0 Local File Disclosure

Exploit Title: Limonade framework Local file disclosure filtering bypass Date: 2013 17 November Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: http://limonade-php.github.io/‎ Tested on: Linux Ubuntu, PHP...

Apache Magicka Remote Code Execution Vulnerability

Apache and PHP remote command execution exploit that leverages php5-cgi. / Apache Magica by Kingcope / / gcc apache-magika.c -o apache-magika -lssl / / This is a code execution bug in the combination of Apache and PHP. On Debian and Ubuntu the vulnerability is present in the default install of th...

WordPress IndiaNIC FAQS Manager 1.0 SQL Injection

Exploit Title: WordPress IndiaNIC FAQ 1.0 Plugin Blind SQL Injection Google Dork: inurl:wp-content/plugins/faqs-manager Date: 21.03.2013 Exploit Author: m3tamantra http://m3tamantra.wordpress.com/blog Vendor Homepage: http://wordpress.org/extend/plugins/faqs-manager/ Software Link:...

WordPress Simply Poll Plugin 1.4.1 - CSRF / XSS Vulnerabilities

Exploit for php platform in category web applications Exploit Title: WordPress Simply Poll Plugin 1.4.1 CSRF and stored XSS Google Dork: inurl:"/wp-content/plugins/simply-poll Date: 16.03.2013 Exploit Author: m3tamantra Vendor Homepage: http://wordpress.org/extend/plugins/simply-poll/ Software...

PHP Weby Directory Software 1.2 SQL Injection / CSRF Vulnerabilities

PHP Weby Directory Software version 1.2 suffers from cross site request forgery and remote blind SQL injection vulnerabilities. =========================================== Vulnerable Software: PHP Weby directory software version 1.2 Vendor: http://phpweby.com Download:...

PHP Charts 1.0 Code Execution

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

WordPress Spam Free 1.9.2 Filter Bypass

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

PHP 5.2.x Remote Code Execution Vulnerability

Release Date: 17 February 2012 Affected Versions: 5.2.0 - 5.2.17 unsupported version ------------------------------------------------------------------------------------------ Description: If PHP bails out in startup stage before setting PGmodulesactivated to 1, the filterglobals struct is not...

PHP 'filter_globals'结构任意代码执行漏洞

PHP是一款流行的编程语言 Php 5.2.0至5.2.17之间存在一个信息泄露问题，并且由于在关闭阶段没有正确清理filterglobals结构可能导致任意代码执行 如果在设置PGmodulesactivated为1之前在启动阶段PHP bailout，filterglobals结构在关闭阶段不会被清理。后续请求会使用filterglobals结构没有清理干净的值，使用特制的请求可导致信息泄露和任意代码执行 0 Php 5.2.0 - 5.2.17 厂商解决方案 PHP 5.3已经修复此漏洞，建议用户下载使用： http://www.php.net/ ?php / This scrip...

PHP 5.4.0RC6 (x64) - Denial of Service

PHP 5.4.0RC6 x64 - Denial of Service RHEL, CentOS gdb c Continuing. Program received signal SIGSEGV, Segmentation fault. 0x00007fd959ca5f9d in zendhashindexupdateornextinsert ht=0x7fd96480d508, h=0, pData=0x7fff75c47bd0, nDataSize=8, pDest=0x7fff75c47bc8, flag=1, zendfilename=0x7fd95a061b68...

[SECURITY] [DSA 1444-1] New php5 packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-1444-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 03, 2008 http://www.debian.org/security/faq -...

DSA-1444-1 php5 several issues

Bulletin has no description...

[Full-disclosure] Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Dotdeb PHP Email Header Injection Vulnerability Release Date: 2006/11/14 Last Modified: 2006/11/14 Author: Stefan Esser [email protected] Application: Dotdeb PHP 5.2.0 R...

php -- _ecalloc Integer Overflow Vulnerability

Stefan Esser reports: The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch. It was discovered that such an integer overflo...