| | PHP unauthorized access
|
 | | mbstring.func_overload setting in .htaccess is applied to all websites. |
| | PHP multiple security vulnerabilities
|
 | | GENERATE_SEED() weak random generator, |
| | PHP safe mode protection bypass with htaccess updated since 27.06.2007
|
 | | It's possible to manipulate function ini_set() and session_save_path() with htaccess settings. |
| | PHP disable_functions function aliases protection bypass
|
 | | A function disabled with disable_functions may be invoked by its alias. |
| 6! | t1lib library / PHP buffer overflow
|
 | | Buffer overflow in intT1_Env_GetCompletePath() |
| | libgd PNG DoS
|
 | | Resource exhaustion on PNG parsing. |
| 6! | PHP multiple security vulnerabilities
|
 | | chunk_split() integer overflow. |
| 6! | PHP libxmlrpc buffer overflow |
| | | |
| | PHP str_replace() integer overflow
|
 | | Integer overflow on a large number of single-character substring occurrences. |
| | Buffer overflow in PHP sqlite_udf_decode_binary() function
|
 | | Buffer overflow on a string with a single \0x01 character. |
| 6! | PHP imap_mail_compose buffer overflow
|
 | | Buffer overflow on oversized MIME boundary. |
| | PHP msg_receive() integer overflow
|
 | | Integer overflow with max_size parameter. |
| 6! | PHP zip_entry_read() function integer overflow updated since 29.03.2007
|
 | | Integer overflow leads to heap memory buffer overflow. |
| | PHP session.save_path open_basedir protection bypass
|
 | | It's possible to create a file in any directory by using environment variables. |
| | PHP iptcembed() function information leak
|
 | | Uninitialized memory region is returned on invalid function termination. |
| 6! | PHP printf() integer overflow
|
 | | Integer overflow on 64-bit systems. |
| | PHP mail() function invalid characters processing
|
 | | Unfiltered \r\n and \0 characters allow string injection and header truncation. |
| 6! | PHP read_file safe_mode protection bypass
|
 | | It's possible to bypass protection by adding a php://../../ prefix to the filename. |
| 6! | PHP variables unset use after free vulnerability
|
 | | There are no access counters for the _SESSION and HTTP_SESSION_VARS variables, making it possible to trigger use-after-free conditions by unsetting these variables. In addition, it's possible to deserialize these variables. |
| | PHP FTP command injection
|
 | | Unchecked CRLF in the filename allows injection of FTP commands. |
| 6! | PHP ext/gd use after free() vulnerability
|
 | | During handling of exceptional conditions, some resources are free()ed and later accessed. |
| | mb_parse_str() exceptional conditions protection bypass
|
 | | Exceptional conditions during function invocation may lead to enabling register_globals. |
| | PHP compress.bzip2:// URL safe mode protection bypass
|
 | | Safe mode and open_basedir limitations are not checked. |
| | PHP array_user_key_compare() function memory corruption
|
 | | References to a freed buffer are left in place. This may lead to use of deallocated memory. |
| | PHP ibase_connect function buffer overflow
|
 | | Buffer overflow on oversized function argument. |
| | PHP SNMP extension snmpget() buffer overflow
|
 | | Buffer overflow on oversized ID. |
| | PHP shmop information leak
|
 | | By using shared memory via the shmop() function, a script can obtain the content of the parent application's memory. |
| | PHP CPDF extension cpdf_open information leak
|
 | | A fragment of source code is printed in the diagnostic message. |
| | PHP crack_opendict() extension buffer overflow
|
 | | Buffer overflow on oversized function argument. |
| | PHP import_request_variables internal variables overwrite
|
 | | $_GET, $_POST, $_COOKIE, $_FILES, $_SERVER, $_SESSION and other internal variables may be overwritten during import. |
| 6! | PHP mssql_connect() / mssql_pconnect() functions buffer overflow
|
 | | Buffer overflow leads to code execution, resulting in sandbox protection bypass. |
| | PHP php_binary / WDDX information leak
|
 | | A fragment of heap memory may be read because of a missing variable length check. |
| | PHP Ovrimos extension safe mode protection bypass
|
 | | There are numerous code execution possibilities. |
| 6! | Multiple PHP bugs updated since 27.02.2002
|
 | | Buffer overflows, integer overflows, DoS conditions, cross-site scripting. |
| | PHP zend_hash_init function infinite loop updated since 22.02.2007
|
 | | Infinite loop on 64-bit platforms. |
| 6! | Multiple PHP security vulnerabilities updated since 10.04.2006
|
 | | Cross-site scripting, DoS, protection bypass, buffer overflows. |
| 9! | PHP unserialize() integer overflow
|
 | | 16-bit counter overflow makes code execution possible when parsing a cookie. |
| 8! | PHP functions buffer overflow
|
 | | Buffer overflow in htmlentities() and htmlspecialchars() on UTF-8 encoding. |
| | PHP open_basedir protection bypass updated since 04.10.2006
|
 | | By using symbolic links during a race window, it's possible to bypass open_basedir protection. |
| | PHP mysql_error() cross-site scripting
|
 | | Cross-site scripting is possible if the mysql_error() result is used in application output. |
| 6! | PHP Safe Mode protection bypass
|
 | | By using the ini_restore function it's possible to clear the safe_mode variable. |
| 6! | Multiple PHP scripting language security vulnerabilities updated since 18.08.2006
|
 | | "file_exists()", "imap_open()", and "imap_reopen()" functions and cURL extension safe mode restriction bypass, buffer overflows in different functions on 64-bit systems, buffer overflow in GD extension on GIFs processing, stripos() out-of-memory reading, incorrect memory_limit restrictions on 64-bit systems, buffer overflow in LWZReadByte(). |
| 6! | PHP memory corruption
|
 | | sscanf() function writes past the end of an array. |
| 6! | PHP invalid hash table value deletion vulnerability
|
 | | The wrong element, with the same hash value but a different class, may be removed from the hash table. |
| | PHP Safe Mode protection bypass
|
 | | error_log allows access to restricted files. |
| 6! | PHP cURL safe mode protection bypass
|
 | | Multiple possibilities to execute code with no restrictions with curl* functions. |
| 6! | PHP html_entity_decode() information leak
|
 | | Invalid processing of non-printable characters allows access to memory content. |
| 6! | mb_send_mail() PHP safe mode protection bypass updated since 28.02.2006
|
 | | mb_send_mail() and imap_* functions allow access to system files. |
| 6! | Multiple PHP vulnerabilities updated since 31.10.2005
|
 | | phpinfo() cross-site scripting, parse_str() register_globals activation possibility, $GLOBALS variable modification with HTTP POST form 'fileupload' field. It's also possible to modify any variable with GLOBALS[variable]. |
| | Windows PHP buffer overflow
|
 | | mysql_connect() buffer overflow. |
| | PHP Apache configuration files DoS
|
 | | Server crashes on invalid .htaccess 'php_value session.save_path' value. |
| | PHP open_basedir protection bypass updated since 28.09.2005
|
 | | Under some rare conditions it's possible to open a file from a different directory. |
| | |