exploit the possibilities
Showing 1 - 25 of 131 RSS Feed

Files from Stefan Esser

Email addresssesser at hardened-php.net
First Active2001-12-26
Last Active2017-10-27
PHP 4.2.0 / 4.2.1 Remote Compromise / Denial Of Service
Posted Oct 27, 2017
Authored by Stefan Esser

PHP versions 4.2.0 and 4.2.1 suffer from an issue where depending on the processor architecture it may be possible for a remote attacker to either crash or compromise the web server.

tags | advisory, remote, web, denial of service, php
MD5 | e966da86f2a1eebadb8468cec478394a
Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation
Posted Jul 23, 2015
Authored by Stefan Esser, joev | Site metasploit.com

In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries.

tags | exploit, arbitrary, local, root
systems | apple, osx
MD5 | 1bb7a893f98b4f5275a6230249ded0ae
OS X 10.10 DYLD_PRINT_TO_FILE Privilege Escalation
Posted Jul 22, 2015
Authored by Stefan Esser

OS X version 10.10 DYLD_PRINT_TO_FILE local privilege escalation proof of concept exploit.

tags | exploit, local, proof of concept
systems | apple, osx
MD5 | 756dd5d0ac3ee01ba77776f95053f131
PHP openssl_x509_parse() Memory Corruption
Posted Dec 15, 2013
Authored by Stefan Esser

The PHP function openssl_x509_parse() uses a helper function called asn1_time_to_time_t() to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated buffer. This problem can be triggered by x509 certificates that contain NUL bytes in their notBefore and notAfter timestamp fields and leads to a memory corruption that might result in arbitrary code execution.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2013-6420
MD5 | 4772f42be1cda33cfe7c31e1ec898d91
PHP 5.4.0RC6 Denial Of Service
Posted Feb 5, 2012
Authored by Stefan Esser

PHP version 5.4.0RC6 64-bit denial of service proof of concept exploit.

tags | exploit, denial of service, php, proof of concept
MD5 | 22912a3e52687fee6a2c7f5901009265
Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow
Posted Jan 19, 2012
Authored by Stefan Esser

A possible stack buffer overflow in Suhosin extension's transparent cookie encryption that can only be triggered in an uncommon and weakened Suhosin configuration can lead to arbitrary remote code execution, if the FORTIFY_SOURCE compile option was not used when Suhosin was compiled. Versions 0.9.32.1 and below are affected.

tags | exploit, remote, overflow, arbitrary, code execution
MD5 | 606156cd50168f1f52ef5ba71487136d
MOPS-2010-040 - PHP strtr() Interruption Information Leak
Posted May 26, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP's strtr() function can be abused for information leak attacks, similar to all the other interruption exploits. However the interruption is not triggered inside the zend_parse_parameters() function and therefore another fix is required. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | 07349a70c2ec4dae56e786408452609f
MOPS-2010-039 - PHP strpbrk() Interruption Information Leak
Posted May 26, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP's strpbrk() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | c86bdd33424d949ac003fcd1c6a53485
MOPS-2010-038 - PHP http_build_query() Interruption Information Leak
Posted May 26, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP's http_build_query() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | 174e7f2d708eed382f8512559f3fbdad
MOPS-2010-037 - PHP str_fetcsv() Interruption Information Leak
Posted May 26, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP's str_getcsv() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | 388e0fd4bb12bfa8dc6af2aafb30c88b
MOPS-2010-036 - PHP htmlentities() / htmlspecialchars() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP’s htmlentities() and htmlspecialchars() functions can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | 58a2282704682891d8a123b19550f836
MOPS-2010-035 - e107 BBCode PHP Code Execution
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - It was discovered that access control to the [php] bbcode which allows executing PHP code is wrongly implemented in e107. This allows unauthenticated users to execute arbitrary PHP code easily. e107 versions 0.7.20 and below are affected.

tags | exploit, arbitrary, php
MD5 | 4346bfb6d6ada1280a974af5e3c38c10
MOPS-2010-034 - PHP iconv_mime_encode() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP's iconv_mime_encode() function can be abused for information leak attacks, because of the call time pass by reference feature. This vulnerability also demonstrates that fixing zend_parse_parameters() is not enough to kill some of these vulnerabilities. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php, vulnerability
MD5 | 9867aef6cb0e23eb7e1c90501a688b87
MOPS-2010-033 - PHP iconv_subsrt() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP’s iconv_substr() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | 1a1045191cfaa946584ed44708cbb48c
MOPS-2010-032 - PHP iconv_mime_decode() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP’s iconv_mime_decode() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | 8f24b17078f4235b786eab6a5ba37659
MOPS-2010-031 - e107 SQL Injection
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - An SQL Injection vulnerability was discovered in the user settings dialog of e107 that allows any user to become an admin easily. Versions 0.7.20 and below are affected.

tags | exploit, php, sql injection
MD5 | 80e955f1e398e050dc783afd88d7e583
MOPS-2010-030 - CMSQlite mod Parameter Local File Inclusion
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - A local file inclusion vulnerability was discovered in CMSQlite that might allow remote PHP code execution. Versions 1.2 and below are affected.

tags | exploit, remote, local, php, code execution, file inclusion
MD5 | 2a2002bbe18931001acb66cd137d308c
MOPS-2010-029 - CMSQlite c Parameter SQL Injection
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - An SQL Injection vulnerability was discovered in CMSQlite that allows to retrieve all data from the database. Versions 1.2 and below are affected.

tags | exploit, php, sql injection
MD5 | 755198535b782ed8d177a7e4be7a107a
MOPS-2010-028 - PHP phar_wrapper_open_url Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains several format string vulnerabilities in the internal phar_wrapper_open_url() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php, vulnerability
MD5 | acdaf9ccac055cc91b5f298f13f30ec9
MOPS-2010-027 - PHP phar_parse_url Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains several format string vulnerabilities in the internal phar_parse_url() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php, vulnerability
MD5 | f462a1cdc1c6472c8d3b233582b1f2ec
MOPS-2010-026 - PHP phar_wrapper_unlink Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_wrapper_unlink() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php
MD5 | 19cb5a4deeb4170dcda854149e84b8d2
MOPS-2010-025 - PHP phar_wrapper_open_dir Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_wrapper_open_dir() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php
MD5 | d0ac40b5cd3d8f7524dbc123581a6c67
MOPS-2010-024 - PHP phar_stream_flush Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_stream_flush() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php
MD5 | 5b93e5818bcf5b0b9f8840853997dc2c
MOPS-2010-023 - Cacti Graph Viewer SQL Injection
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - An SQL Injection vulnerability was discovered in Cacti that allows to retrieve all data from the database. In Cacti installations with publicly viewable graphs this vulnerability is a pre-auth SQL injection vulnerability. Cacti versions 0.8.7e and below are affected.

tags | advisory, php, sql injection
MD5 | b4dd827e21a7c859065048890533a713
MOPS-2010-019 - Serendipity WYSIWYG Editor Plugin Configuration Injection
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - Serendipity WYSIWYG Editor Plugin Configuration Injection Vulnerability. Versions 1.5.2 and below are affected.

tags | exploit, php
MD5 | 3ac6ad61bfc977429b547f511a6972d8
Page 1 of 6
Back12345Next

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    9 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close