11 matches found
SUSE CVE-2006-1494
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass openbasedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function...
SUSE CVE-2007-1461
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or openbasedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories...
SUSE CVE-2007-3997
The 1 MySQL and 2 MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safemode and openbasedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE...
SUSE CVE-2007-4663
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass openbasedir restrictions via unspecified vectors involving the glob function...
SUSE CVE-2007-4889
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safemode and openbasedir restrictions via the MySQL 1 LOADFILE, 2 INTO DUMPFILE, and 3 INTO OUTFILE functions, a different issue than CVE-2007-3997...
SUSE CVE-2008-7002
PHP 5.2.5 does not enforce a openbasedir and b safemodeexecdir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the 1 exec, 2 system, 3 shellexec, 4 passthru, or 5 popen functions,...
The vulnerability of the PHP programming language interpreter, related to privilege management errors, allows attackers to bypass the protection mechanisms defined by open_basedir.
The vulnerability of the PHP programming language interpreter and the SQLite database management system is related to privilege management errors. Exploiting this vulnerability allows a malicious actor to bypass the protection mechanisms defined by openbasedir...
PHP 5.2.x < 5.2.12 Multiple Vulnerabilities
Binary data 5281.prm...
PHP 5.2.9 Bypass Exploit
?php / SecurityReason.com - Security Audit Stuff PHP 5.2.9 curl safemode & openbasedir bypass http://securityreason.com/achievementsecurityalert/61 exploit from "SecurityReason - Security Audit" lab. for legal use only http://securityreason.com/achievementexploitalert/11 author: Maksymilian...
PHP < 4.4.8 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is older than 4.4.8. Such versions may be affected by several issues, including integer overflows involving the 'chunksplit', 'strcspn', and 'strspn' functions, and 'safemode' / 'openbasedir' bypasses. %NASLMINLEVEL 70300 C...
security flaw
PHP 4.0 with cURL functions allows remote attackers to bypass the openbasedir setting and read arbitrary files via a file: URL argument to the curlinit function...