7 matches found
EUVD-2007-3284
Malware in sbrugna...
SUSE CVE-2007-3294
Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via 1 a long second argument to the tidyparsestring function or 2 an unspecified vector to the tidyrepairstring function. NOTE...
tidy -- heap-buffer-overflow
Geoff McLane reports: tidy is affected by a write out of bounds when processing malformed html files. This issue could be abused on server side applications that use php-tidy extension with user input. The issue was confirmed, analyzed, and fixed by the tidy5 maintainer...
PHP 5.2.3 tidy extension local overflow vulnerability-vulnerability warning-the black bar safety net
? php if ! extensionloaded"tidy"die"you need Tidy extension loaded!"; $scode = "\xfc\xbb\xc7\xc4\x05\xc9\xeb\x0c\x5e\x56\x31\x1e\xad\x01\xc3\x85". "\xc0\x75\xf7\xc3\xe8\xef\xff\xff\xff\x3b\x2c\x41\xc9\xc3\xad\xc1". "\x8c\xff\x26\xa9\x0b\x87\x39\xbd\x9f\x38\x22\xca\xff\xe6\x53\x27"...
PHP 5.2.3 Tidy Extension - Local Buffer Overflow
PHP 5.2.3 Tidy Extension - Local Buffer Overflow ?php //PHP 5.2.3 tidyparsestring & tidyrepairstring local //buffer overflow poc win //rgod //site: retrogod.altervista.org //quickly tested on xp sp2, worked both from the cli and on apache //let's have a look here:...
PHP 5.2.3 Tidy extension Local Buffer Overflow Exploit
Exploit for unknown platform in category local exploits ====================================================== PHP 5.2.3 Tidy extension Local Buffer Overflow Exploit ====================================================== ?php //PHP 5.2.3 tidyparsestring & tidyrepairstring local //buffer overflow...
PHP 5.2.3 'Tidy' Extension - Local Buffer Overflow
?php //PHP 5.2.3 tidyparsestring & tidyrepairstring local //buffer overflow poc win //rgod //site: retrogod.altervista.org //quickly tested on xp sp2, worked both from the cli and on apache //let's have a look here: http://www.google.com/codesearch?hl=it&q=+tidyparsestring&sa=N if...