exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 131 RSS Feed

Files from Stefan Esser

Email addresssesser at hardened-php.net
First Active2001-12-26
Last Active2017-10-27
PHP 4.2.0 / 4.2.1 Remote Compromise / Denial Of Service
Posted Oct 27, 2017
Authored by Stefan Esser

PHP versions 4.2.0 and 4.2.1 suffer from an issue where depending on the processor architecture it may be possible for a remote attacker to either crash or compromise the web server.

tags | advisory, remote, web, denial of service, php
SHA-256 | a79bf56468ece73d79827db39c362a796db5dc8b60b2c782645b659672ab1f6b
Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation
Posted Jul 23, 2015
Authored by Stefan Esser, joev | Site metasploit.com

In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries.

tags | exploit, arbitrary, local, root
systems | apple, osx
SHA-256 | 5f8a24055c7eacceccce25d80da65ff0a662a967a7f926c2fe621369f5e41ae2
OS X 10.10 DYLD_PRINT_TO_FILE Privilege Escalation
Posted Jul 22, 2015
Authored by Stefan Esser

OS X version 10.10 DYLD_PRINT_TO_FILE local privilege escalation proof of concept exploit.

tags | exploit, local, proof of concept
systems | apple, osx
SHA-256 | 54d151a0576992acbdfc4330c685be0f33834016156eaf6b60eb50e760abfc0c
PHP openssl_x509_parse() Memory Corruption
Posted Dec 15, 2013
Authored by Stefan Esser

The PHP function openssl_x509_parse() uses a helper function called asn1_time_to_time_t() to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated buffer. This problem can be triggered by x509 certificates that contain NUL bytes in their notBefore and notAfter timestamp fields and leads to a memory corruption that might result in arbitrary code execution.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2013-6420
SHA-256 | 7406038cb1adf87acf1e03364bbd761251c6d8fc531065990b85c245ae25fbe4
PHP 5.4.0RC6 Denial Of Service
Posted Feb 5, 2012
Authored by Stefan Esser

PHP version 5.4.0RC6 64-bit denial of service proof of concept exploit.

tags | exploit, denial of service, php, proof of concept
SHA-256 | 7c04eac6d3b3e40ab566f6c73cb79f9cb313c82bbc16ddb890969b52370d94fd
Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow
Posted Jan 19, 2012
Authored by Stefan Esser

A possible stack buffer overflow in Suhosin extension's transparent cookie encryption that can only be triggered in an uncommon and weakened Suhosin configuration can lead to arbitrary remote code execution, if the FORTIFY_SOURCE compile option was not used when Suhosin was compiled. Versions 0.9.32.1 and below are affected.

tags | exploit, remote, overflow, arbitrary, code execution
SHA-256 | 7b76245682b97cb024e98bdc990fce1fd1209c0093a98ed46429a4d2ea80c3ec
MOPS-2010-040 - PHP strtr() Interruption Information Leak
Posted May 26, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP's strtr() function can be abused for information leak attacks, similar to all the other interruption exploits. However the interruption is not triggered inside the zend_parse_parameters() function and therefore another fix is required. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | ff1c81a7124ac3182baaf60163657e7a541a27e788975c4c697b8f4c4561a02a
MOPS-2010-039 - PHP strpbrk() Interruption Information Leak
Posted May 26, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP's strpbrk() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | 274ba71a6e53ef04fb807692afac1c424fb46450b6fe5462b7db26ec367c4416
MOPS-2010-038 - PHP http_build_query() Interruption Information Leak
Posted May 26, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP's http_build_query() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | 2114e80fb67165abaa4f330235c37963b5138cfd8dcdb9ba0b476734e41fa993
MOPS-2010-037 - PHP str_fetcsv() Interruption Information Leak
Posted May 26, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP's str_getcsv() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | 6d847b738c636eb4f640142e72e0b46a26a2e4392356290dcf389a42c4b57155
MOPS-2010-036 - PHP htmlentities() / htmlspecialchars() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP’s htmlentities() and htmlspecialchars() functions can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | 6d393c315c5467e139f5d0406c2433248990c6ecc6bf52111a89f5d78d6333f9
MOPS-2010-035 - e107 BBCode PHP Code Execution
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - It was discovered that access control to the [php] bbcode which allows executing PHP code is wrongly implemented in e107. This allows unauthenticated users to execute arbitrary PHP code easily. e107 versions 0.7.20 and below are affected.

tags | exploit, arbitrary, php
SHA-256 | 9e5e13070e5b1bbb208fabf81b566739464738bffb9c5bb3ff0a0421519c348e
MOPS-2010-034 - PHP iconv_mime_encode() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP's iconv_mime_encode() function can be abused for information leak attacks, because of the call time pass by reference feature. This vulnerability also demonstrates that fixing zend_parse_parameters() is not enough to kill some of these vulnerabilities. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php, vulnerability
SHA-256 | 08ee43cbc95c598ee383529242b6261189ff5b0ff455b68a97bde61b467737a1
MOPS-2010-033 - PHP iconv_subsrt() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP’s iconv_substr() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | 645c4430db4a9b9297b0921897e599d7efa4b474715e9e39c3c5c3413aff47a3
MOPS-2010-032 - PHP iconv_mime_decode() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP’s iconv_mime_decode() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | d18872107c1dda39b76981664dc3403c8e50ea470b81d3b0498d2a2b02444189
MOPS-2010-031 - e107 SQL Injection
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - An SQL Injection vulnerability was discovered in the user settings dialog of e107 that allows any user to become an admin easily. Versions 0.7.20 and below are affected.

tags | exploit, php, sql injection
SHA-256 | 7764fa816c681b9e1f35443ed5a5834ca32d0cf19952369802e37f00f1158457
MOPS-2010-030 - CMSQlite mod Parameter Local File Inclusion
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - A local file inclusion vulnerability was discovered in CMSQlite that might allow remote PHP code execution. Versions 1.2 and below are affected.

tags | exploit, remote, local, php, code execution, file inclusion
SHA-256 | c42ae5c025360afcc5198f641ee48d83cab08933bf20481af75643e96227a51d
MOPS-2010-029 - CMSQlite c Parameter SQL Injection
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - An SQL Injection vulnerability was discovered in CMSQlite that allows to retrieve all data from the database. Versions 1.2 and below are affected.

tags | exploit, php, sql injection
SHA-256 | d891d11b3e1bf5820eb5f73a06da57a12a760c688e8c28e1aca1ae8888a888a2
MOPS-2010-028 - PHP phar_wrapper_open_url Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains several format string vulnerabilities in the internal phar_wrapper_open_url() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php, vulnerability
SHA-256 | 88778104d5539c71d1331b422cb8c82ae5e1b58fcc633a019260fff969c2644a
MOPS-2010-027 - PHP phar_parse_url Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains several format string vulnerabilities in the internal phar_parse_url() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php, vulnerability
SHA-256 | 9e0eb74b07d6b55063f896a9f5ca562cc45dd241ff70b6b37c470608c91cdd9e
MOPS-2010-026 - PHP phar_wrapper_unlink Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_wrapper_unlink() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php
SHA-256 | 4ce334e3edd4d8288ec7000354d42d816187ad32fe0257ee77eae10b958c8e2b
MOPS-2010-025 - PHP phar_wrapper_open_dir Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_wrapper_open_dir() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php
SHA-256 | 40ed10c69fea27f50c0b22defe9f5214b675b8adcb883408542445dcc2f36c68
MOPS-2010-024 - PHP phar_stream_flush Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_stream_flush() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php
SHA-256 | cc1e47d1b6a80eea813c4763d3c9be481928ee3189643eb432e88d686f3f68ac
MOPS-2010-023 - Cacti Graph Viewer SQL Injection
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - An SQL Injection vulnerability was discovered in Cacti that allows to retrieve all data from the database. In Cacti installations with publicly viewable graphs this vulnerability is a pre-auth SQL injection vulnerability. Cacti versions 0.8.7e and below are affected.

tags | advisory, php, sql injection
SHA-256 | 996b7ff568192b5ed3be02ed2b958a472762b79721476e09acd4e723d3ad26c1
MOPS-2010-019 - Serendipity WYSIWYG Editor Plugin Configuration Injection
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - Serendipity WYSIWYG Editor Plugin Configuration Injection Vulnerability. Versions 1.5.2 and below are affected.

tags | exploit, php
SHA-256 | d7cff96350fb0bbba4a2906fcf98f4a29c9f8b294849fdf0eae4b4c47cca9052
Page 1 of 6
Back12345Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close