PHP 4.4.55.2.1 - _SESSION unset() Local Overflow

PHP 4.4.55.2.1 - SESSION unset Local Overflow ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the...

CVE-2007-1484

The arrayuserkeycompare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zvaldtor, which triggers memory corruption and allows local users to bypass safemode and execute arbitrary code via a certain unset operation after arrayuserkeycompare has been called...

vBulletin 3.6.4 - 'inlinemod.php?postids' SQL Injection

input-cleanarraygpc'p', array 'postids' = TYPESTR, ; $postids = explode',',...

CVE-2006-6966

phpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures parameter to...

CVE-2006-6966

phpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures parameter to...

phpMyAdmin多个CSRF漏洞

phpMyAdmin是一款流行的基于web的管理MySQL数据库程序。 phpMyAdmin存在跨站请求伪造问题，远程攻击者可以利用漏洞利用CSRF攻击诱使phpMyAdmin用户在目标数据库服务器上执行任意sql查询。 phpMyAdmin使用在用户会话中存储随机token来保护跨站请求伪造，CSRF意思是web站点诱使浏览用户浏览器针对其他站点发送http请求。在phpMyAdmin中的CSRF意味着其他站点可以诱使phpMyAdmin用户的浏览器发送任意sql查询到自身的数据库。 phpMyAdmin由于如下问题而可导致绕过CSRF的保护： --Token验证：...

WoltLab Burning Board Lite wbb_userid Parameter PHP Unset SQL Injection

The remote version of Burning Board Lite fails to sanitize input to the 'wbbuserid' parameter before using it in a database query. Provided PHP's 'registerglobals' setting is enabled and 'magicquotesgpc' setting is disabled, an unauthenticated attacker may be able to leverage this issue to uncove...

CVE-2006-5116

Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...

CVE-2006-5116

Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...

papooCMS.txt

It makes use of the unset vulnerability, cms can be found at papoo.de !/usr/bin/perl require LWP::UserAgent; print "PAPOO CMS REMOTE FILE INCLUSION VULNERABILITY \n"; print "Exploit & vulnerability by Ironfist\n"; print " http://iron.gimyweb.de \n"; print "Host?"; $host = ; chomp $host; print "Pa...

CVE-2006-4466

Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability is due to a bug in t...

CVE-2006-4466

Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability is due to a bug in t...

CVE-2006-4467

The CVE-2006-4467 entry applies to Simple Machines Forum (SMF) 1.1RCx prior to 1.1RC3 and 1.0.x prior to 1.0.8. The issue is a variable-unsetting flaw where input data containing a numeric parameter with a value that matches an alphanumeric parameter’s hash value prevents SMF from unsetting the c...

CVE-2006-4466

Technical details for CVE-2006-4466 are not publicly available in the provided documents; the connected sources reference related PHP unset issues (e.g., CVE-2006-3017) but do not specify Joomla! version-specific impact, vectors, or fixes.

PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is older than 4.4.3 / 5.1.4. Such versions may be affected by several issues, including a buffer overflow, heap corruption, and a flaw by which a variable may survive a call to 'unset'. %NASLMINLEVEL 70300 C Tenable Network...

security flaw

zendhashdelkeyorindex in zendhash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zendhashdel to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations...

USN-320-1: PHP vulnerabilities

The phpinfo PHP function did not properly sanitize long strings. A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo. Please note that it is not recommended to publicly expose phpinfo. CVE-2006-0996 An...

security flaw

zendhashdelkeyorindex in zendhash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zendhashdel to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations...