PHP versions 4.2.0 and 4.2.1 suffer from an issue where depending on the processor architecture it may be possible for a remote attacker to either crash or compromise the web server.
a79bf56468ece73d79827db39c362a796db5dc8b60b2c782645b659672ab1f6b
In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries.
5f8a24055c7eacceccce25d80da65ff0a662a967a7f926c2fe621369f5e41ae2
OS X version 10.10 DYLD_PRINT_TO_FILE local privilege escalation proof of concept exploit.
54d151a0576992acbdfc4330c685be0f33834016156eaf6b60eb50e760abfc0c
The PHP function openssl_x509_parse() uses a helper function called asn1_time_to_time_t() to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated buffer. This problem can be triggered by x509 certificates that contain NUL bytes in their notBefore and notAfter timestamp fields and leads to a memory corruption that might result in arbitrary code execution.
7406038cb1adf87acf1e03364bbd761251c6d8fc531065990b85c245ae25fbe4
PHP version 5.4.0RC6 64-bit denial of service proof of concept exploit.
7c04eac6d3b3e40ab566f6c73cb79f9cb313c82bbc16ddb890969b52370d94fd
A possible stack buffer overflow in Suhosin extension's transparent cookie encryption that can only be triggered in an uncommon and weakened Suhosin configuration can lead to arbitrary remote code execution, if the FORTIFY_SOURCE compile option was not used when Suhosin was compiled. Versions 0.9.32.1 and below are affected.
7b76245682b97cb024e98bdc990fce1fd1209c0093a98ed46429a4d2ea80c3ec
Month Of PHP Security - PHP's strtr() function can be abused for information leak attacks, similar to all the other interruption exploits. However the interruption is not triggered inside the zend_parse_parameters() function and therefore another fix is required. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
ff1c81a7124ac3182baaf60163657e7a541a27e788975c4c697b8f4c4561a02a
Month Of PHP Security - PHP's strpbrk() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
274ba71a6e53ef04fb807692afac1c424fb46450b6fe5462b7db26ec367c4416
Month Of PHP Security - PHP's http_build_query() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
2114e80fb67165abaa4f330235c37963b5138cfd8dcdb9ba0b476734e41fa993
Month Of PHP Security - PHP's str_getcsv() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
6d847b738c636eb4f640142e72e0b46a26a2e4392356290dcf389a42c4b57155
Month Of PHP Security - PHP’s htmlentities() and htmlspecialchars() functions can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
6d393c315c5467e139f5d0406c2433248990c6ecc6bf52111a89f5d78d6333f9
Month Of PHP Security - It was discovered that access control to the [php] bbcode which allows executing PHP code is wrongly implemented in e107. This allows unauthenticated users to execute arbitrary PHP code easily. e107 versions 0.7.20 and below are affected.
9e5e13070e5b1bbb208fabf81b566739464738bffb9c5bb3ff0a0421519c348e
Month Of PHP Security - PHP's iconv_mime_encode() function can be abused for information leak attacks, because of the call time pass by reference feature. This vulnerability also demonstrates that fixing zend_parse_parameters() is not enough to kill some of these vulnerabilities. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
08ee43cbc95c598ee383529242b6261189ff5b0ff455b68a97bde61b467737a1
Month Of PHP Security - PHP’s iconv_substr() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
645c4430db4a9b9297b0921897e599d7efa4b474715e9e39c3c5c3413aff47a3
Month Of PHP Security - PHP’s iconv_mime_decode() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
d18872107c1dda39b76981664dc3403c8e50ea470b81d3b0498d2a2b02444189
Month Of PHP Security - An SQL Injection vulnerability was discovered in the user settings dialog of e107 that allows any user to become an admin easily. Versions 0.7.20 and below are affected.
7764fa816c681b9e1f35443ed5a5834ca32d0cf19952369802e37f00f1158457
Month Of PHP Security - A local file inclusion vulnerability was discovered in CMSQlite that might allow remote PHP code execution. Versions 1.2 and below are affected.
c42ae5c025360afcc5198f641ee48d83cab08933bf20481af75643e96227a51d
Month Of PHP Security - An SQL Injection vulnerability was discovered in CMSQlite that allows to retrieve all data from the database. Versions 1.2 and below are affected.
d891d11b3e1bf5820eb5f73a06da57a12a760c688e8c28e1aca1ae8888a888a2
Month Of PHP Security - The new phar extension in PHP 5.3 contains several format string vulnerabilities in the internal phar_wrapper_open_url() function. PHP versions 5.3 through 5.3.2 are affected.
88778104d5539c71d1331b422cb8c82ae5e1b58fcc633a019260fff969c2644a
Month Of PHP Security - The new phar extension in PHP 5.3 contains several format string vulnerabilities in the internal phar_parse_url() function. PHP versions 5.3 through 5.3.2 are affected.
9e0eb74b07d6b55063f896a9f5ca562cc45dd241ff70b6b37c470608c91cdd9e
Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_wrapper_unlink() function. PHP versions 5.3 through 5.3.2 are affected.
4ce334e3edd4d8288ec7000354d42d816187ad32fe0257ee77eae10b958c8e2b
Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_wrapper_open_dir() function. PHP versions 5.3 through 5.3.2 are affected.
40ed10c69fea27f50c0b22defe9f5214b675b8adcb883408542445dcc2f36c68
Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_stream_flush() function. PHP versions 5.3 through 5.3.2 are affected.
cc1e47d1b6a80eea813c4763d3c9be481928ee3189643eb432e88d686f3f68ac
Month Of PHP Security - An SQL Injection vulnerability was discovered in Cacti that allows to retrieve all data from the database. In Cacti installations with publicly viewable graphs this vulnerability is a pre-auth SQL injection vulnerability. Cacti versions 0.8.7e and below are affected.
996b7ff568192b5ed3be02ed2b958a472762b79721476e09acd4e723d3ad26c1
Month Of PHP Security - Serendipity WYSIWYG Editor Plugin Configuration Injection Vulnerability. Versions 1.5.2 and below are affected.
d7cff96350fb0bbba4a2906fcf98f4a29c9f8b294849fdf0eae4b4c47cca9052