10 matches found
SUSE CVE-2009-4018
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, a...
PHP < 5.3.1 Multiple Vulnerabilities
PHP is prone to multiple vulnerabilities. Copyright (C) 2012 NopSec Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or...
[security bulletin] HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02512995 Version: 1 HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities...
Kolang (proc_open PHP safe mode bypass 4.3.10 - 5.3.0)
No description provided by source. <?php / Kolang PHP Safe mode bypass IHSteam priv8 for lazy penetration testers php 4.3.10 - 5.3.0 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4018 12/19/2009 http://www.milw0rm.com/exploits/7393 12/09/2008 1- Kolang can be used directly in file...
Kolang 4.3.10 5.3.0 - proc_open() PHP safe_mode Bypass
Kolang 4.3.10 5.3.0 - proc_open() PHP safe_mode Bypass // "shellcode loader" : load and execute arbitrary shellcode from a file // Hami...
Mandriva Security Advisory MDVSA-2009:324 (php)
The remote host is missing an update to php announced via advisory MDVSA-2009:324. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...
Mandriva Security Advisory MDVSA-2009:303 (php)
The remote host is missing an update to php announced via advisory MDVSA-2009:303. OpenVAS Vulnerability Test $Id: mdksa2009303.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:303 (php) Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
Mandriva Security Advisory MDVSA-2009:303 (php)
The remote host is missing an update to php announced via advisory MDVSA-2009:303. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...
Ubuntu: Security Advisory (USN-862-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2009-4018
CVE-2009-4018 affects PHP before 5.2.11 and 5.3.x before 5.3.1, where proc_open in ext/standard/proc_open.c fails to enforce safe_mode_allowed_env_vars and safe_mode_protected_env_vars. This lets context-dependent attackers supply an arbitrary environment via the env parameter, demonstrated by cr...