9474 matches found
PHP multiple security vulnerabilities
phar extension information leaks, SPLObjectStorage information leaks, error messages information leaks, variables spoofing...
Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit)
Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow Metasploit $Id: novelliprintcallbackurl.rb 10429 2010-09-21 18:46:29Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework we...
Debian DSA-2109-1 : samba - buffer overflow
A vulnerability has been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The sid_parse() function does not correctly check its input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the...
RarCrack 0.2 - 'Filename init() .bss' (PoC)
The software can be downloaded here: http://rarcrack.sourceforge.net/ Author: stoke Date: 2010-09-20 Download: http://rarcrack.sourceforge.net/ Tested on: Backtrack 4 Site: http://devilcode.it | http://hack2web.altervista.org Special greetz to: nex, for reassure me when i sayed "WHY EIP IT'S NOT...
RarCrack 0.2 - Filename init() .bss (PoC)
RarCrack 0.2 - Filename init .bss PoC The software can be downloaded here: http://rarcrack.sourceforge.net/ Author: stoke Date: 2010-09-20 Download: http://rarcrack.sourceforge.net/ Tested on: Backtrack 4 Site: http://devilcode.it | http://hack2web.altervista.org Special greetz to: nex, for...
Joomla Restaurant Guide Cross Site Scripting / Local File Inclusion / SQL Injection
Exploit Title: Joomla Component comrestaurantguide Multiple Vulnerabilities Date: 18.09.2010 Author: Valentin Category: webapps/0day Version: 1.0.0 Tested on: Debian lenny, Apache2, MySQL 5, Joomla 1.5.x CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::...
[SECURITY] [DSA-2109-1] New samba packages fix buffer overflow
Debian Security Advisory DSA-2109-1 [email protected] http://www.debian.org/security/ Stefan Fritsch September 16, 2010 http://www.debian.org/security/faq -...
DSA-2109-1 samba - buffer overflow
Bulletin has no description...
Oracle Secure Backup Administration selector Variable Command Injection (CVE-2010-0906)
Oracle Secure Backup is a backup solution allowing for single point of management of data present on network attached storage NAS devices and distributed hosts. A command execution vulnerability exists in Oracle Secure Backup server. The vulnerability is due to an insufficient sanitizing when...
SQL injection vulnerability in CompuCMS
Vulnerability ID: HTB22580 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityincompucms1.html Product: CompuCMS Vendor: CompuSoft A/S http://www.compusoft.dk/ Vulnerable Version: Current at 06.08.2010 and Probably Prior Versions Vendor Notification: 09 August 2010 Vulnerability...
Fedora 12 : maniadrive-1.2-22.fc12 / php-5.3.3-1.fc12 / php-eaccelerator-0.9.6.1-2.fc12 (2010-11428)
Update to PHP 5.3.3. Security Enhancements and Fixes in PHP 5.3.3: Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531). Fixed a possible resource destruction issues in shm_put_var(). Fixed a possible information leak because of...
AneCMS SQL Injection
Exploit Title: anecms SQli Date: 23/08/2010 Author: Sweet Contact : [email protected] Software Link: anecms.com Download: anecms.com/anecms.zip Version: All Tested on: WinXp sp3 Description : anecms is an open source blog manager Sqli: The POST variable username has been set to sweet'" on...
AneCMS - '/registre/next' SQL Injection
Exploit Title: anecms SQli Date: 23/08/2010 Author: Sweet Contact : [email protected] Software Link: anecms.com Download: anecms.com/anecms.zip Version: All Tested on: WinXp sp3 Description : anecms is an open source blog manager...
CVE-2010-3065
The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...
Default configuration
The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...
PHP 5.3.3 - 'ibase_gen_id()' Off-by-One Overflow
=== Vulnerability === PHP 5.3.3 (Possible All versions) ibase_gen_id() off-by-one overflow === Author === cb === Description === User-supplied variable "generator" copied to 128 byte buffer "query" size of query variable. So its cause off-by-one overflow. You can see 1 snprintf copy statement to "query...
DSA-2089-1 php5 - several vulnerabilities
Bulletin has no description...
PHP 5.2 < 5.2.14 Multiple Vulnerabilities
According to its banner, the version of PHP 5.2 installed on the remote host is older than 5.2.14. Such versions may be affected by several security issues : - An error exists when processing invalid XML-RPC requests that can lead to a NULL pointer dereference. bug 51288 CVE-2010-0397 - An error...
CVE-2010-2929
Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the (1) route, (2) mv, and (3) cp programs, a different vulnerability than CVE-2010-1671...