Apr 5, 2010
PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit
An interesting submission to EDB today from the guys at http://www.nullbyte.org.il – a PHP 6.0 0day buffer overflow.
OffSec Team
An interesting submission to the Exploit Database today from the guys at http://www.nullbyte.org.il – a PHP 6.0 0day buffer overflow.
From the exploit comments:
## This code should exploits a buffer overflow in the str_transliterate() function to call WinExec and execute CALC
## Take a look, 'unicode.semantics' has to be on!
## php.ini > unicode.semantics = on
Their exploit code was tested and verified by the EDB team – check it here.
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec
Research & Tutorials
CVE-2024-12029 – InvokeAI Deserialization of Untrusted Data vulnerability
CVE-2024-12029: A critical deserialization vulnerability in InvokeAI’s /api/v2/models/install endpoint allows remote code execution via malicious model files. Exploit risk for AI art servers.
Jul 17, 2025
0
Research & Tutorials
What is Phishing? Introduction to Phishing Demo (for Beginners)
Learn how phishing attacks work and how to spot them. Watch OffSec’s animated video to protect yourself from scams, spoofed sites, and social engineering.
Jul 15, 2025
2 min read
Research & Tutorials
CVE-2025-27636 – Remote Code Execution in Apache Camel via Case-Sensitive Header Filtering Bypass
Discover the critical Apache Camel vulnerability (CVE-2025-27636) that allows remote code execution via case-sensitive HTTP header manipulation in the exec component. Learn how attackers exploit this flaw and how to mitigate it.
Jul 10, 2025
2 min read