
Files

MOPS-2010-019 - Serendipity WYSIWYG Editor Plugin Configuration Injection
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - Serendipity WYSIWYG Editor Plugin Configuration Injection Vulnerability. Versions 1.5.2 and below are affected.

tags | exploit, php
SHA-256 | d7cff96350fb0bbba4a2906fcf98f4a29c9f8b294849fdf0eae4b4c47cca9052

Related Files

MOPS-2010-040 - PHP strtr() Interruption Information Leak
Posted May 26, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP's strtr() function can be abused for information leak attacks, similar to all the other interruption exploits. However the interruption is not triggered inside the zend_parse_parameters() function and therefore another fix is required. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | ff1c81a7124ac3182baaf60163657e7a541a27e788975c4c697b8f4c4561a02a
MOPS-2010-039 - PHP strpbrk() Interruption Information Leak
Posted May 26, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP's strpbrk() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | 274ba71a6e53ef04fb807692afac1c424fb46450b6fe5462b7db26ec367c4416
MOPS-2010-038 - PHP http_build_query() Interruption Information Leak
Posted May 26, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP's http_build_query() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | 2114e80fb67165abaa4f330235c37963b5138cfd8dcdb9ba0b476734e41fa993
MOPS-2010-037 - PHP str_getcsv() Interruption Information Leak
Posted May 26, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP's str_getcsv() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | 6d847b738c636eb4f640142e72e0b46a26a2e4392356290dcf389a42c4b57155
MOPS-2010-036 - PHP htmlentities() / htmlspecialchars() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP’s htmlentities() and htmlspecialchars() functions can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | 6d393c315c5467e139f5d0406c2433248990c6ecc6bf52111a89f5d78d6333f9
MOPS-2010-035 - e107 BBCode PHP Code Execution
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - It was discovered that access control to the [php] bbcode which allows executing PHP code is wrongly implemented in e107. This allows unauthenticated users to execute arbitrary PHP code easily. e107 versions 0.7.20 and below are affected.

tags | exploit, arbitrary, php
SHA-256 | 9e5e13070e5b1bbb208fabf81b566739464738bffb9c5bb3ff0a0421519c348e
MOPS-2010-034 - PHP iconv_mime_encode() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP's iconv_mime_encode() function can be abused for information leak attacks, because of the call time pass by reference feature. This vulnerability also demonstrates that fixing zend_parse_parameters() is not enough to kill some of these vulnerabilities. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php, vulnerability
SHA-256 | 08ee43cbc95c598ee383529242b6261189ff5b0ff455b68a97bde61b467737a1
MOPS-2010-033 - PHP iconv_substr() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP’s iconv_substr() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | 645c4430db4a9b9297b0921897e599d7efa4b474715e9e39c3c5c3413aff47a3
MOPS-2010-032 - PHP iconv_mime_decode() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP’s iconv_mime_decode() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | d18872107c1dda39b76981664dc3403c8e50ea470b81d3b0498d2a2b02444189
MOPS-2010-031 - e107 SQL Injection
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - An SQL Injection vulnerability was discovered in the user settings dialog of e107 that allows any user to become an admin easily. Versions 0.7.20 and below are affected.

tags | exploit, php, sql injection
SHA-256 | 7764fa816c681b9e1f35443ed5a5834ca32d0cf19952369802e37f00f1158457
MOPS-2010-030 - CMSQlite mod Parameter Local File Inclusion
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - A local file inclusion vulnerability was discovered in CMSQlite that might allow remote PHP code execution. Versions 1.2 and below are affected.

tags | exploit, remote, local, php, code execution, file inclusion
SHA-256 | c42ae5c025360afcc5198f641ee48d83cab08933bf20481af75643e96227a51d
MOPS-2010-029 - CMSQlite c Parameter SQL Injection
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - An SQL Injection vulnerability was discovered in CMSQlite that allows retrieval of all data from the database. Versions 1.2 and below are affected.

tags | exploit, php, sql injection
SHA-256 | d891d11b3e1bf5820eb5f73a06da57a12a760c688e8c28e1aca1ae8888a888a2
MOPS-2010-028 - PHP phar_wrapper_open_url Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains several format string vulnerabilities in the internal phar_wrapper_open_url() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php, vulnerability
SHA-256 | 88778104d5539c71d1331b422cb8c82ae5e1b58fcc633a019260fff969c2644a
MOPS-2010-027 - PHP phar_parse_url Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains several format string vulnerabilities in the internal phar_parse_url() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php, vulnerability
SHA-256 | 9e0eb74b07d6b55063f896a9f5ca562cc45dd241ff70b6b37c470608c91cdd9e
MOPS-2010-026 - PHP phar_wrapper_unlink Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_wrapper_unlink() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php
SHA-256 | 4ce334e3edd4d8288ec7000354d42d816187ad32fe0257ee77eae10b958c8e2b
MOPS-2010-025 - PHP phar_wrapper_open_dir Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_wrapper_open_dir() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php
SHA-256 | 40ed10c69fea27f50c0b22defe9f5214b675b8adcb883408542445dcc2f36c68
MOPS-2010-024 - PHP phar_stream_flush Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_stream_flush() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php
SHA-256 | cc1e47d1b6a80eea813c4763d3c9be481928ee3189643eb432e88d686f3f68ac
MOPS-2010-023 - Cacti Graph Viewer SQL Injection
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - An SQL Injection vulnerability was discovered in Cacti that allows retrieval of all data from the database. In Cacti installations with publicly viewable graphs, this is a pre-auth SQL injection vulnerability. Cacti versions 0.8.7e and below are affected.

tags | advisory, php, sql injection
SHA-256 | 996b7ff568192b5ed3be02ed2b958a472762b79721476e09acd4e723d3ad26c1
MOPS-2010-022 - PHP Stream Context Use After Free on Request Shutdown
Posted May 25, 2010
Authored by Mateusz Kocielski | Site php-security.org

Month Of PHP Security - PHP uses the stream context during stream destruction, although it has already been freed earlier during request shutdown. PHP versions 5.2 through 5.2.13 and 5.3 through 5.3.2 are affected.

tags | exploit, php
SHA-256 | 0dc931eb69c4ca111054feed1abc34e7434870a231fc6d4a8d722c895e3496da
MOPS-2010-021 - PHP fnmatch() Stack Exhaustion
Posted May 25, 2010
Authored by Mateusz Kocielski | Site php-security.org

Month Of PHP Security - PHP's fnmatch() function can be used to crash PHP through a stack exhaustion attack. PHP versions 5.2 through 5.2.13 and 5.3 through 5.3.2 are affected.

tags | exploit, php
SHA-256 | c13db5e41e6f631508f139cc4d97402b79a4a37c441571f27ad59bca30b2d145
MOPS-2010-020 - Xinha WYSIWYG Plugin Configuration Injection
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - Xinha WYSIWYG Plugin Configuration Injection Vulnerability. Versions 0.96 Beta 2 and below are affected.

tags | exploit, php
SHA-256 | c66014e0c6768bd3c9c1aa70a314d4064c4c0468b8bf98545b2f42a206c4e70b
MOPS-2010-018 - EFront ask_chat chatrooms_ID SQL Injection
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - EFront ask_chat chatrooms_ID SQL Injection Vulnerability. Versions 3.6.2 and below are affected.

tags | exploit, php, sql injection
SHA-256 | bd70db2bcd76336b6a4f5c231f16033f042aefde8dc98f8e10731ab10ccba7c9
MOPS-2010-017 - PHP preg_quote() Interruption Information Leak
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP preg_quote() Interruption Information Leak Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | e515968ea6988e8d0807efab6970363eaf0993abc5894542f5986b54ff16775a
MOPS-2010-015 - PHP ZEND_SL Opcode Interruption Address Information Leak
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | 2907e511f86cca7358b45fea35061b6efab3d3f08dabede076d55e375e76e680
MOPS-2010-016 - PHP ZEND_SR Opcode Interruption Address Information Leak
Posted May 11, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP ZEND_SR Opcode Interruption Address Information Leak Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | 5b99778ede255d29c72816503ca902ab9c5dd9959bcb79a46e5a309a31cfa132