Maksymilian Arciemowicz

82 exploits Active since Feb 2005
CVE-2005-1000 EXPLOITDB text WRITEUP
PHP-Nuke 7.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.
CVE-2005-4260 EXPLOITDB text WRITEUP
PHP-Nuke 7.9 - Cross-Site Scripting via Tag Sanitization Bypass
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.
CVE-2005-0997 EXPLOITDB text WRITEUP
PHP-Nuke 7.6 - SQL Injection via Web_Links Module Parameters
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink function, (4) the orderby, min, or show parameters in the search function, or (5) the ratenum parameter in the MostPopular function.
CVE-2005-1000 EXPLOITDB text WRITEUP
PHP-Nuke 7.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.
CVE-2005-1000 EXPLOITDB text WRITEUP
PHP-Nuke 7.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.
CVE-2007-4850 EXPLOITDB php WORKING POC
PHP 5.2.4 and 5.2.5 - Arbitrary File Read via cURL file:// Null Byte Bypass
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
CVE-2006-1549 EXPLOITDB text WORKING POC
PHP 4.4.2 and 5.1.2 - Denial of Service via Recursive Function Execution
PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected.
CVE-2010-3709 EXPLOITDB text WORKING POC
PHP 5.2.0-5.2.14 and 5.3.0-5.3.3 - Denial of Service via ZipArchive::getArchiveComment
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.
CVE-2011-0420 EXPLOITDB text WORKING POC
PHP 5.3.5 - Denial of Service via Invalid Size Argument in grapheme_extract
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.
CVE-2011-3182 EXPLOITDB text WORKING POC
PHP < 5.3.7 - Denial of Service via Malloc Return Value Mismanagement
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.
CVE-2006-4625 EXPLOITDB php WORKING POC
PHP 4.x-4.4.4 and 5-5.1.6 - Local Security Restriction Bypass via ini_restore Function
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
CVE-2007-0448 EXPLOITDB text WORKING POC
PHP 5.2.0 - Arbitrary File Read via Invalid URI Handler in fopen
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.
CVE-2006-6383 EXPLOITDB text WORKING POC
PHP 5.2.0 and 4.4 - Local Restriction Bypass via Null Byte in session_save_path
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.
CVE-2009-2626 EXPLOITDB text WORKING POC
PHP < 5.2.10 - Memory Disclosure and Denial of Service via ini_set and ini_restore
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
CVE-2007-4652 EXPLOITDB php WORKING POC
PHP < 5.2.4 - Local Symlink Bypass of open_basedir Restrictions via Session File
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
CVE-2008-2666 EXPLOITDB text WORKING POC
PHP < 5.2.6 - Directory Traversal via http URL Argument to chdir or ftok
Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.
EIP-2026-104702 EXPLOITDB php WORKING POC
PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass
EIP-2026-104703 EXPLOITDB php WORKING POC
PHP 5.3 - 'mail.log' Configuration Option 'open_basedir' Restriction Bypass
CVE-2006-1608 EXPLOITDB text WORKING POC
PHP 4.4.2 and 5.1.2 - Local Arbitrary File Read via compress.zlib:// URI in copy Function
The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.
CVE-2006-1494 EXPLOITDB text WORKING POC
PHP 4.4.2 and 5.1.2 - Directory Traversal via tempnam Function
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.
CVE-2006-0996 EXPLOITDB text WRITEUP
PHP phpinfo Long Array Variables - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.
CVE-2009-2626 EXPLOITDB php WORKING POC
PHP < 5.2.10 - Memory Disclosure and Denial of Service via ini_set and ini_restore
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
CVE-2009-2626 EXPLOITDB php WORKING POC
PHP < 5.2.10 - Memory Disclosure and Denial of Service via ini_set and ini_restore
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
EIP-2026-104753 EXPLOITDB php WORKING POC
PHP 5.2.11/5.3.0 - Multiple Vulnerabilities
CVE-2009-0689 EXPLOITDB c STUB
K-Meleon 1.5.3 - Heap-Based Buffer Overflow via Large Precision Value in printf Format Argument
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.