PHP 5 ecalloc memory manager unserialize() array integer overflow proof of concept exploit.
d4d2a7ebf01f65bf0871fe99b935491efb8bb3a3e3e029d5317331679ec0f317Tool that demonstrates how the CAPTCHA used in PHP-Nuke version 8.1 can be deciphered with 100% accuracy.
b6a2d80689a601a1e69a0dc8960bbdc9c3765dfc74c229767bceb218d7547adaPHP123 Top Sites suffers from a SQL injection vulnerability in category.php.
f21098b29040edf100e7ff0a373cfd2e77b1affa4fa918d44c2f43ff63639f40Whitepaper discussing secure file upload in PHP web applications.
c2f310516a6d4d5db4170ff162f315419894a825ccc044c82abbc2e20b2cdee4PHP121 Instant Messenger version 2.2 suffers from a local file inclusion vulnerability.
ec27accc2ef9b25f3a64e9dfd4a484a34ba0918af51bb9eb925cae2e924260c1PHP versions below 4.4.4, 5.2.1, and 5.1.6 suffer from a readfile() safe mode bypass vulnerability.
2f92559142ea978bb19ae97f7de8910992d71b174807d71a769362f9bf62af97PHP versions 4.4.6 and below ibase_connect() local buffer overflow exploit.
780d56c33d496973ba91e499096397ea02245bee3b5dea900339ad186b55dcc6PHP versions greater than or equal to 4.0.7 and less than or equal to 5.2.1 suffer from an arbitrary variable overwrite in import_request_variables().
5fa15988075ab903a6fb5db15ca53a4cf5cbc587310a227e5c83e5aa6494637bPHP version 4.4.6 crack_opendict() local buffer overflow exploit.
94c68df67e2e1df9884d7e59cdc21affda88015442b720d1db00be61a81e5c00PHP versions 4.4.6 and below mssql_connect() and mssql_pconnect() local buffer overflow exploit.
92d4547d24e68dddd983ba158385a312924951aeaa3d8dccb81e10b405a832f7POC exploit for the PHP exec, system, popen file descriptor bug that overwrites Apache's log file.
b21b5612f3dfa05f10f1e95eb766c9a109f1aa1f7878f56b937c1a95c857c4b4The php functions "exec", "system", "popen" (and similar) keep file descriptors of the parent process opened. When a new process is run this program will inherit all opened file descriptors of its parent. This can be used by hostile programs to listen and accept connections on port 80, or write to the apache log files.
df0886b7417f348dce9959a45e47a889aa6e01dd100f026507d0c694e50c33e3PHP-Post suffers from multiple input validation vulnerabilities.
20323cc7139975eeb177172778044c5303cf3f0bb4523ffbeb10f9a9ceea6aaaphp_news 2.0 and prior are vulnerable to several remote file inclusion vulnerabilities.
bb0016bf49266da56ea374a5ca848ca6eb9d6dd563c3cf1ea2ef2b238573b2eaPHP-Nuke Module's Name Sections V3 suffers from a SQL injection vulnerability.
f86e7eb93ea54b5e29bb6066b6c8835b1564898e6dfa7c4539e269b00ea5cfecIt is possible to use the error_log function to bypass safe mode in PHP 5.1.4 and 4.4.2
69dcde6236188d1a1843507726eaab7b5d146ea0cda8bb889b32fc10c645b338PHP-Nuke versions less than or equal to 7.9 suffer from XSS in the Search parameter.
2c42dbc929e90f1c4de919b2eb6ff7030e3ba73407eb06c3deb08e9e14905edeIt is possible to crash php and possibly apache by using a recursive function call. Tested on PHP 4.4.2 and 5.1.2.
629e887103a607ea88675761f74bad078c61e2d2c8db6ebab560d5d9890a5b87PHP121 Instant Messenger versions less than or equal to 1.4 remote commands execution exploit.
4f500420ae021a12f0c97b72682ef7dc378e59151587d6457602e17d599689fePHP-Stats versions 0.1.9.1 and below option overwrite and remote command execution exploit.
5e1df32cb784ea2095f9714c2811df794f7a6ceccdb4d96467d22db47a8e1688PHP Live! 3.0 suffers from XSS in status_image.php.
34e8bfbf37cc8f4b08ab9bbb61900ada026b59bdb97d451be810b4b8cc75abc3It is possible to download the users password hashed in PHP Advanced Transfer Manager 1.x via a special URL.
94dd1adf4a7926508e3f52f536f7a190f575b355f715a85e793baf17aa2aa609PHP-Stats versions 0.1.9.1 and below suffer from remote directory traversal, SQL injection, and command execution flaws.
5e1bb3d424f9a3bfb779ba437927c5754cc6e55f28507e15a6b60e3aa1950db1A group of Stanford researchers have discovered 99 vulnerabilities when auditing e107 version 0.7, myBloggie version 2.1.3beta, utopia NewPro version 1.1.4, DCP Portal version 6.1.1, and PHP Webthings version 1.4. They have not released exploitation information, however.
9f4befbadd47367ea11c650c514480272ba50d6d8d9f8494e5e8c9df32678f71PHP HANDICAPPER is susceptible to cross site scripting, SQL injection, and other flaws. Details provided.
2b6f990448729227c0ef62fc5049f14e49cdcabb515a207f26749fe31b402dc7PHP-Nuke is susceptible to cross site scripting attacks.
7d26a61ef6f2ad7823422e467d0666ed5a5618f7a4980bb9f719510f18948a95
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed