PHP versions 4.2.0 and 4.2.1 suffer from an issue where depending on the processor architecture it may be possible for a remote attacker to either crash or compromise the web server.
e966da86f2a1eebadb8468cec478394aIn Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries.
1bb7a893f98b4f5275a6230249ded0aeOS X version 10.10 DYLD_PRINT_TO_FILE local privilege escalation proof of concept exploit.
756dd5d0ac3ee01ba77776f95053f131The PHP function openssl_x509_parse() uses a helper function called asn1_time_to_time_t() to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated buffer. This problem can be triggered by x509 certificates that contain NUL bytes in their notBefore and notAfter timestamp fields and leads to a memory corruption that might result in arbitrary code execution.
4772f42be1cda33cfe7c31e1ec898d91PHP version 5.4.0RC6 64-bit denial of service proof of concept exploit.
22912a3e52687fee6a2c7f5901009265A possible stack buffer overflow in Suhosin extension's transparent cookie encryption that can only be triggered in an uncommon and weakened Suhosin configuration can lead to arbitrary remote code execution, if the FORTIFY_SOURCE compile option was not used when Suhosin was compiled. Versions 0.9.32.1 and below are affected.
606156cd50168f1f52ef5ba71487136dMonth Of PHP Security - PHP's strtr() function can be abused for information leak attacks, similar to all the other interruption exploits. However the interruption is not triggered inside the zend_parse_parameters() function and therefore another fix is required. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
07349a70c2ec4dae56e786408452609fMonth Of PHP Security - PHP's strpbrk() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
c86bdd33424d949ac003fcd1c6a53485Month Of PHP Security - PHP's http_build_query() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
174e7f2d708eed382f8512559f3fbdadMonth Of PHP Security - PHP's str_getcsv() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
388e0fd4bb12bfa8dc6af2aafb30c88bMonth Of PHP Security - PHP’s htmlentities() and htmlspecialchars() functions can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
58a2282704682891d8a123b19550f836Month Of PHP Security - It was discovered that access control to the [php] bbcode which allows executing PHP code is wrongly implemented in e107. This allows unauthenticated users to execute arbitrary PHP code easily. e107 versions 0.7.20 and below are affected.
4346bfb6d6ada1280a974af5e3c38c10Month Of PHP Security - PHP's iconv_mime_encode() function can be abused for information leak attacks, because of the call time pass by reference feature. This vulnerability also demonstrates that fixing zend_parse_parameters() is not enough to kill some of these vulnerabilities. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
9867aef6cb0e23eb7e1c90501a688b87Month Of PHP Security - PHP’s iconv_substr() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
1a1045191cfaa946584ed44708cbb48cMonth Of PHP Security - PHP’s iconv_mime_decode() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
8f24b17078f4235b786eab6a5ba37659Month Of PHP Security - An SQL Injection vulnerability was discovered in the user settings dialog of e107 that allows any user to become an admin easily. Versions 0.7.20 and below are affected.
80e955f1e398e050dc783afd88d7e583Month Of PHP Security - A local file inclusion vulnerability was discovered in CMSQlite that might allow remote PHP code execution. Versions 1.2 and below are affected.
2a2002bbe18931001acb66cd137d308cMonth Of PHP Security - An SQL Injection vulnerability was discovered in CMSQlite that allows to retrieve all data from the database. Versions 1.2 and below are affected.
755198535b782ed8d177a7e4be7a107aMonth Of PHP Security - The new phar extension in PHP 5.3 contains several format string vulnerabilities in the internal phar_wrapper_open_url() function. PHP versions 5.3 through 5.3.2 are affected.
acdaf9ccac055cc91b5f298f13f30ec9Month Of PHP Security - The new phar extension in PHP 5.3 contains several format string vulnerabilities in the internal phar_parse_url() function. PHP versions 5.3 through 5.3.2 are affected.
f462a1cdc1c6472c8d3b233582b1f2ecMonth Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_wrapper_unlink() function. PHP versions 5.3 through 5.3.2 are affected.
19cb5a4deeb4170dcda854149e84b8d2Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_wrapper_open_dir() function. PHP versions 5.3 through 5.3.2 are affected.
d0ac40b5cd3d8f7524dbc123581a6c67Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_stream_flush() function. PHP versions 5.3 through 5.3.2 are affected.
5b93e5818bcf5b0b9f8840853997dc2cMonth Of PHP Security - An SQL Injection vulnerability was discovered in Cacti that allows to retrieve all data from the database. In Cacti installations with publicly viewable graphs this vulnerability is a pre-auth SQL injection vulnerability. Cacti versions 0.8.7e and below are affected.
b4dd827e21a7c859065048890533a713Month Of PHP Security - Serendipity WYSIWYG Editor Plugin Configuration Injection Vulnerability. Versions 1.5.2 and below are affected.
3ac6ad61bfc977429b547f511a6972d8
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed