Showing 26 - 50 of 131

Files from Stefan Esser

Email address: sesser at hardened-php.net
First Active: 2001-12-26
Last Active: 2017-10-27

MOPS-2010-020 - Xinha WYSIWYG Plugin Configuration Injection
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - Xinha WYSIWYG Plugin Configuration Injection Vulnerability. Versions 0.96 Beta 2 and below are affected.

tags | exploit, php
MD5 | 99c162db3f34e64da1fc142cbc9e0a32
MOPS-2010-018 - EFront ask_chat chatrooms_ID SQL Injection
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - EFront ask_chat chatrooms_ID SQL Injection Vulnerability. Versions 3.6.2 and below are affected.

tags | exploit, php, sql injection
MD5 | 0fb51d2842143fb87b9000f345ff093f
MOPS-2010-017 - PHP preg_quote() Interruption Information Leak
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP preg_quote() Interruption Information Leak Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | d2306775906d7a6c6caa0a2258c8f8d9
MOPS-2010-015 - PHP ZEND_SL Opcode Interruption Address Information Leak
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | c0ef111f1139396f25d6844904f1801e
MOPS-2010-016 - PHP ZEND_SR Opcode Interruption Address Information Leak
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP ZEND_SR Opcode Interruption Address Information Leak Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | 72ee1ada922e6ede446c924b32191d9e
MOPS-2010-014 - PHP ZEND_BW_XOR Opcode Interruption Address Information Leak
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP ZEND_BW_XOR Opcode Interruption Address Information Leak Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | 54f5428f283bb9755f186f85a2c3673b
MOPS-2010-011 - DeluxeBB newthread SQL Injection
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - DeluxeBB newthread SQL Injection Vulnerability. Versions 1.3 and below are affected.

tags | exploit, php, sql injection
MD5 | f8a200383e38fc41e6d7871242077f01
MOPS-2010-010 - PHP html_entity_decode() Interruption Information Leak
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP html_entity_decode() Interruption Information Leak Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | 8622faf6f0e2d481b8b0bc01d56782ee
MOPS-2010-009 - PHP shm_put_var() Already Freed Resource Access
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP shm_put_var() Already Freed Resource Access Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | c0f93b3aeb008f2cd175c2ff11fe23ed
MOPS-2010-007 - ClanTiger Shoutbox Module s_email SQL Injection
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - ClanTiger Shoutbox Module s_email SQL Injection Vulnerability. Versions 1.1.3 and below are affected.

tags | advisory, php, sql injection
MD5 | ab56429466cf10992c8d8f71a0d3b3bb
MOPS-2010-008 - PHP chunk_split() Interruption Information Leak
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP chunk_split() Interruption Information Leak Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | 29d9359ecdd70478318838df4b8af8d0
MOPS-2010-006 - PHP addcslashes() Interruption Information Leak
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP addcslashes() Interruption Information Leak Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | f62c44baa1d6cb8f468ca81c08415b0b
MOPS-2010-005 - ClanSphere MySQL Driver Generic SQL Injection
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - ClanSphere MySQL Driver Generic SQL Injection Vulnerability. Versions 2009.0.3 and below are affected.

tags | advisory, php, sql injection
MD5 | 78643dff302913c9d90cfdebbf3cdc9f
MOPS-2010-003 - PHP dechunk Filter Signed Comparison Vulnerability
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP dechunk Filter Signed Comparison Vulnerability. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php
MD5 | 96c6636eacb9fe0a295138fc4bbdb3a2
MOPS-2010-004 - ClanSphere Captcha Generator Blind SQL Injection
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - ClanSphere Captcha Generator Blind SQL Injection Vulnerability. Versions 2009.0.3 and below are affected.

tags | advisory, php, sql injection
MD5 | 42e843dc16f7e8324c13b96839faa15e
MOPS-2010-001 - PHP hash_update_file() Already Freed Resource Access Vulnerability
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP hash_update_file() Already Freed Resource Access Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | 20d3267b0d877f9a360ba7b10603048d
MOPS-2010-002 - Campsite TinyMCE Article Attachment SQL Injection
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - Campsite TinyMCE Article Attachment SQL Injection Vulnerability. Campsite versions 3.3.5 and below are affected.

tags | exploit, php, sql injection
MD5 | 65df31f1522213ed13963d2f16beee11
MyBB 1.4.11 Weak Random Numbers
Posted Apr 14, 2010
Authored by Stefan Esser

MyBB versions 1.4.11 and below suffer from a password reset weak random number vulnerability.

tags | advisory
MD5 | fad2fc053862ee5f3eafe4d0445db334
MyBB 1.4.11 Password Reset
Posted Apr 14, 2010
Authored by Stefan Esser

MyBB versions 1.4.11 and below suffer from a password reset vulnerability.

tags | advisory
MD5 | 29ef5f79128f2c75ead00e9910d4ab7c
Piwik Cookie Unserialize() Execution
Posted Dec 10, 2009
Authored by Stefan Esser | Site sektioneins.de

It was discovered that Piwik versions 0.4.5 and below unserialize data from the user-supplied cookie. By unserializing some of Piwik's objects, it is possible to write arbitrary files to writable locations on the webserver. This can be used to upload e.g. PHP files to writable directories within the webserver's document root, which usually exist in a standard Piwik installation. In newer versions of Piwik it is also possible to execute arbitrary PHP code directly.

tags | advisory, arbitrary, root, php
MD5 | 59251921d20945e7d95e8f6cfd293f3f
PHPIDS 0.6.2 Unserialize() Execution
Posted Dec 10, 2009
Authored by Stefan Esser | Site sektioneins.de

PHPIDS versions 0.6.2 and below unserialize() user input, which allows an attacker to send a carefully crafted cookie that, when unserialized, can utilize existing classes. This can lead e.g. to upload of arbitrary files or execution of arbitrary PHP code in Zend Framework applications.

tags | advisory, arbitrary, php
MD5 | 5c383e049cdf91d67cd84022a00c3cff
PHP 4 unserialize() ZVAL Reference Counter Overflow
Posted Oct 27, 2009
Authored by H D Moore, Stefan Esser, GML | Site metasploit.com

This Metasploit module exploits an integer overflow vulnerability in the unserialize() function of the PHP web server extension.

tags | exploit, web, overflow, php
advisories | CVE-2007-1286
MD5 | 5328f9ccf0fabc5d2f0900b7b86d6114
Horde Application Framework Horde_Form_Type_image File Overwrite
Posted Sep 19, 2009
Authored by Stefan Esser | Site sektioneins.de

Horde Application Framework versions 3.2.4 and below suffer from a Horde_Form_Type_image arbitrary file overwrite vulnerability.

tags | advisory, arbitrary
advisories | CVE-2009-3236
MD5 | ae45f6d44b84cc2e9ba2053c89a86b0e
State Of The Art Post Exploitation In Hardened PHP Environments
Posted Jul 1, 2009
Authored by Stefan Esser | Site sektioneins.de

Whitepaper called State Of The Art Post Exploitation In Hardened PHP Environments.

tags | paper, php
MD5 | ef0fb2267f141def533d4aa6d3da4b53
SE-2008-06.txt
Posted Dec 4, 2008
Authored by Stefan Esser | Site sektioneins.de

PHP versions 5.2.6 and below suffer from a directory traversal vulnerability in ZipArchive::extractTo().

tags | exploit, php
MD5 | bd681cd79b728c0f8ea1c0f78ab7cdb6
© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close