exploit the possibilities
Showing 76 - 100 of 131 RSS Feed

Files from Stefan Esser

Email addresssesser at hardened-php.net
First Active2001-12-26
Last Active2017-10-27
Hardened-PHP Project Security Advisory 2006-14.139
Posted Nov 16, 2006
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Hardened PHP Project Security Advisory - Dotdeb PHP versions below 5.2.0 revision 3 suffer from an email header injection vulnerability.

tags | advisory, php
MD5 | 94a0d7b89c35c24b152070fece362157
Hardened-PHP Project Security Advisory 2006-13.138
Posted Nov 6, 2006
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Hardened-PHP Project Security Advisory - PHP 5 versions 5.1.6 and below and PHP 4 versions 4.4.4 and below suffer from buffer overflows in htmlentities() and htmlspecialchars() which may allow for remote code execution.

tags | advisory, remote, overflow, php, code execution
MD5 | 8658dc867e0750a1191125a053d57e61
Hardened-PHP Project Security Advisory 2006-12.137
Posted Nov 6, 2006
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Hardened-PHP Project Security Advisory - phpMyAdmin versions 2.9.0.2 and below suffer from a cross site scripting vulnerability in error.php.

tags | advisory, php, xss
MD5 | 7debbde23ded5dc07bfc575954cbce7d
Hardened-PHP Project Security Advisory 2006-09.133
Posted Oct 12, 2006
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Hardened-PHP Project Security Advisory - The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc() that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch. It was discovered that such an integer overflow can be triggered when user input is passed to the unserialize() function. Earlier vulnerabilities in PHP's unserialize() that were also discovered by one of our audits in December 2004 are unrelated to the newly discovered flaw, but they have shown, that the unserialize() function is exposed to user-input in many popular PHP applications. Examples for applications that use the content of COOKIE variables with unserialize() are phpBB and Serendipity. The successful exploitation of this integer overflow will result in arbitrary code execution. PHP versions below 4.3.0 and versions below or equal to 5.1.6 are affected.

tags | advisory, overflow, arbitrary, php, vulnerability, code execution
MD5 | e179df9a8badbdc246d4a3c33f86142d
Hardened-PHP Project Security Advisory 2006-08.132
Posted Oct 9, 2006
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Hardened-PHP Project Security Advisory - PHP's open_basedir feature is meant to disallow scripts to access files outside a set of configured base directories. The checks for this are placed within PHP functions dealing with files before the actual open call is performed. Obviously there is a little span of time between the check and the actual open call. During this time span the checked path could have been altered and point to a file that is forbidden to be accessed due to open_basedir restrictions. PHP versions 4 and 5 are affected by this.

tags | advisory, php
MD5 | 2cb900474805e78b77ed508b99ef68e4
PHProjekt-5.1.1.txt
Posted Oct 4, 2006
Authored by Stefan Esser | Site hardened-php.net

PHProjekt 5.1.1 suffers from a flaw that could allow attackers to include remote php files.

tags | advisory, remote, php
MD5 | bfc8a75226462bc14b5d0cdd98323b25
advisory-052006.128.txt
Posted Aug 28, 2006
Authored by Stefan Esser | Site hardened-php.net

The Zend Platform versions 2.2.1 and below suffer from multiple vulnerabilities.

tags | advisory, vulnerability
MD5 | 6803e08d9732e4738b9206d5be9cbf8a
Hardened-PHP Project Security Advisory 2006-04.119
Posted Jun 11, 2006
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Hardened-PHP Project Security Advisory - DokuWiki comes with an AJAX spellchecking service that can be called by every visiting client without the need of authorization. Unfortunately, the spellchecking service used the /e modifier of preg_replace() to handle links that are embedded in the text to translate in an unsafe way, allowing for arbitrary code execution.

tags | advisory, arbitrary, php, code execution
MD5 | 562b9174dbf918f3c71d7a515920de4a
Hardened-PHP Project Security Advisory 2006-03.115
Posted Apr 1, 2006
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

KisMAC versions below 73p and development versions below 113 suffer from a stack overflow when handling specially crafted 802.11 management frames.

tags | advisory, overflow
MD5 | c01d0c22dc2e91f32789f4e6f9ba3078
Hardened-PHP Project Security Advisory 2006-02.113
Posted Jan 15, 2006
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Hardened-PHP Project Security Advisory - PHP5 comes with the new mysqli extension, which recently got a new error reporting feature using exceptions. When an exception for such an error is thrown the error message is used as format string. Depending on the situation and configuration, f.e. a malicious MySQL server or an erroneous SQL query (f.e. through SQL injection) can result in PHP reporting a (partly) user supplied error message, which can result in triggering the format string vulnerability, which can lead to remote code execution. Versions 5.1 through 5.1.1 are affected. PHP4 is not affected.

tags | advisory, remote, php, code execution, sql injection
MD5 | 29f6651d4c9a1137b6551b4140bef858
Hardened-PHP Project Security Advisory 2006-01.112
Posted Jan 15, 2006
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Hardened-PHP Project Security Advisory - Since PHP5 a user supplied session ID is sent back to the user within a Set-Cookie HTTP header. Because there were no checks performed on the validity of this session id, it was possible to inject arbitrary HTTP headers into the response body of applications using PHP's builtin session functionality by supplying a special crafted session id. Versions 5.1.1 and below are affected. PHP4 is not affected.

tags | advisory, web, arbitrary, php
MD5 | 04d3dba49413f20ee344aa659bd6cf2e
Hardened-PHP Project Security Advisory 2005-26.111
Posted Dec 31, 2005
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Hardened-PHP Project Security Advisory - TinyMCE Compressor versions 1.0.5 and below suffer from an unchecked user input vulnerability that can allow for cross site scripting and disclosure of arbitrary files.

tags | advisory, arbitrary, php, xss
MD5 | 42ec72f2e7ceb6457f3427f819f6eba0
252005.txt
Posted Dec 14, 2005
Authored by Stefan Esser | Site hardened-php.net

Hardened-PHP Project Security Advisory - A quick audit of the variable overwrite protection that was redesigned for phpMyAdmin 2.7.0 revealed an easy to exploit flaw, that leads to total failure of the protection and therefore opens phpMyAdmin to a number of cross site scripting, local and remote file inclusion vulnerabilities.

tags | advisory, remote, local, php, vulnerability, xss, file inclusion
MD5 | 6790defc6b4538f47591e8923273a618
242005.txt
Posted Dec 14, 2005
Authored by Stefan Esser | Site hardened-php.net

Hardened-PHP Project Security Advisory - During a quick scan of the URL parsing code within libcurl, it was discovered, that certain malformed URLs trigger an off-by-one(two) buffer overflow. This may lead to unintended arbitrary code execution. Versions 7.15.0 and below are affected.

tags | advisory, overflow, arbitrary, php, code execution
MD5 | 4a7f50bed136cfff2daaf471d39360bb
Hardened-PHP Project Security Advisory 2005-23.105
Posted Nov 30, 2005
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Multiple cross site scripting, authentication bypass, SQL injection, file inclusion, and password hash disclosure flaws exist in vTiger versions 4.2 and below. Various details disclosed.

tags | exploit, xss, sql injection, file inclusion
MD5 | b6c1646b05615c6ef43bfc64c7ad83bc
Hardened-PHP Project Security Advisory 2005-20.79
Posted Nov 1, 2005
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

During the development of the Hardening-Patch which adds security hardening features to the PHP codebase, several vulnerabilities within PHP were discovered. This advisory describes one of these flaws concerning a weakness in the file upload code, that allows overwriting the GLOBALS array when register_globals is turned on. Overwriting this array can lead to unexpected security holes in code assumed secure. This vulnerability can allow for remote PHP code execution. Affected versions are PHP4 versions 4.4.0 and below and PHP5 versions 5.0.5 and below.

tags | advisory, remote, php, vulnerability, code execution, file upload
MD5 | a6efeac60044f35b41165f2b5f3e379f
Hardened-PHP Project Security Advisory 2005-19.78
Posted Nov 1, 2005
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

During the development of the Hardening-Patch which adds security hardening features to the PHP codebase, several vulnerabilities within PHP were discovered. This advisory describes one of these flaws concerning a weakness in the implementation of the parse_str() function. Under certain conditions triggering the memory_limit request shutdown during a parse_str() call will result in the core of PHP believing that the register_globals directive is turned on (for the rest of the lifetime of the involved webserver process). This may allow an attacker to exploit security flaws in PHP applications that exist due to uninitialized global variables. Affected versions are PHP4 versions 4.4.0 and below and PHP5 versions 5.0.5 and below.

tags | advisory, php, vulnerability
MD5 | 4adcc49d883b464a6e745494f9a6e910
Hardened-PHP Project Security Advisory 2005-18.77
Posted Nov 1, 2005
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

A weakness in PHP's phpinfo() function allows for cross site scripting attacks. Affected versions are PHP4 versions 4.4.0 and below and PHP5 versions 5.0.5 and below.

tags | advisory, php, xss
MD5 | f6d21988ed14ff0eaa274db461e04331
Hardened-PHP Project Security Advisory 2005-17.75
Posted Nov 1, 2005
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

phpBB versions 2.0.17 and below are susceptible to multiple cross site scripting and SQL injection flaws.

tags | advisory, xss, sql injection
MD5 | b095e3bbf5c146320b4b5e49c1964be0
162005.txt
Posted Oct 26, 2005
Authored by Stefan Esser | Site hardened-php.net

Hardened-PHP Project Security Advisory - And audit of phpMyAdmin revealed a design flaw in the way phpMyAdmin includes it's register_globals compatibility layer, that allows inclusion of arbitrary local files, which usually leads to remote code execution.

tags | advisory, remote, arbitrary, local, php, code execution
MD5 | 4235c84230ae57cb8ff4cb921fe3a668
Hardened-PHP Project Security Advisory 2005-15.67
Posted Aug 17, 2005
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

A vulnerability in the PHP XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.1.1 and below are affected.

tags | advisory, arbitrary, php
advisories | CVE-2005-2498
MD5 | 03cdcfb82b17f83a0ae9398b28b52019
Hardened-PHP Project Security Advisory 2005-14.66
Posted Aug 17, 2005
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

A vulnerability in the PEAR XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.3.3 and below are affected.

tags | advisory, arbitrary, php
advisories | CVE-2005-2498
MD5 | e3247149263b94ad7dcbb5463e849e7c
Hardened-PHP Project Security Advisory 2005-12.60
Posted Aug 5, 2005
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

UseBB versions 0.5.1 and below suffer from multiple SQL injection and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, sql injection
MD5 | 87efe74fcdd09005ec610e4a68e249d4
Yawp106.txt
Posted Jul 13, 2005
Authored by Stefan Esser | Site hardened-php.net

Yawp/YaWiki versions 1.0.6 and below suffer from a remote URL include vulnerability.

tags | advisory, remote
MD5 | b6ebc7cafb264f82545bea7fffd3a1d4
punbb125sql.txt
Posted Jul 8, 2005
Authored by Stefan Esser | Site hardened-php.net

An uninitialized variable within PunBB can allow for SQL injection attacks. Versions 1.2.5 and below are affected.

tags | advisory, sql injection
MD5 | baa223daa9bc4bee859d26d99abcdf19
Page 4 of 6
Back23456Next

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    10 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close