4901 matches found
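PHP 5.3.x 'open_basedir' Security Restriction Bypass Vulnerability
BUGTRAQ ID: 54612 CVE ID: CVE-2012-3365 PHP is an HTML-embedded language. PHP is quite similar to Microsoft's ASP: both are scripting languages that are embedded in HTML documents and executed on the server side. Its style resembles the C language, and it is now widely used by many website programmers. Versions of PHP before 5.3.15 contain an error in the SQLite extension that can be exploited to bypass the "open_basedir" feature. 0 PHP 5.3.x Vendor patch: PHP --- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.php.net...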
CVE-2012-3365
The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors...
Design/Logic Flaw
The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors...
CVE-2012-3365
According to the Nessus plugin JSA10804, CVE-2012-3365 affects the PHP component bundled with Juniper Junos devices. The report states there is an unspecified flaw in the SQLite extension that allows an unauthenticated, remote attacker to bypass the open_basedir protection. This description confi...
Cells Blog CMS v1.1 - Multiple Web Vulnerabilities
Title: ====== Cells Blog CMS v1.1 - Multiple Web Vulnerabilities Date: ===== 2012-06-05 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=591 VL-ID: ===== 591 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: ============= Cells-bl...
php5-sqlite -- open_basedir bypass
MITRE CVE team reports: The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors...
Cells Blog CMS 1.1 SQL Injection / Cross Site Scripting
Title: ====== Cells Blog CMS v1.1 - Multiple Web Vulnerabilities Date: ===== 2012-06-05 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=591 VL-ID: ===== 591 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: ============= Cells-bl...
Cells Blog CMS v1.1 - Multiple Web Vulnerabilities
Document Title: =============== Cells Blog CMS v1.1 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=591 Release Date: ============= 2012-06-04 Vulnerability Laboratory ID VL-ID: ==================================== 591 Comm...
Owncloud 3.0.3 Clear Text Password Storage
Owncloud App "Ldap user backend" stored password in clear text Author: francesco.tornieri "At" verona-wireless.net Summary: store domain admin password in clear text Discovery date: 09/05/2012 Developer date contact : 09/05/2012 Where: From local Release Date: 11/05/2012 Criticality level: High...
Android information leakage
All local applications have unrestricted /proce access and access to SQLite journal files...
Advisory: Android SQLite Journal Information Disclosure (CVE-2011-3901)
1 Background ============ Android applications are executed in a sandbox environment, to ensure that no application can access sensitive information held by another, without adequate privileges. For example, the Browser application holds sensitive information such as cookies, cache and history, a...
Android 2.3.7 SQLite Disclosure
Exploit for Android platform in category local exploits 1 Background ============ Android applications are executed in a sandbox environment, to ensure that no application can access sensitive information held by another, without adequate privileges. For example, the Browser application holds...
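Android SQLite Journal CVE-2011-3901 Information Disclosure Vulnerability
Bugtraq ID: 53380 CVE ID: CVE-2011-3901 Open Handset Alliance Android is a free mobile phone platform developed by a group of more than 30 technology and mobile phone companies. Android SQLite database journal files can be read by all applications: - All directories have execute permission on the application database directory, which means the application data directory is globally accessible. - The /data/data/app package/databases directory is created with rwxrwx--x permissions, which can lead to global read and write access. - Journal files created under the database directory are created with -rw-r--r-- permissions and can be read by all apps. 0 Open...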
GENU CMS 2012.3 - Multiple SQL Injections
GENU CMS 2012.3 - Multiple SQL Injections Title: ====== GENU CMS 2012.3 - Multiple SQL Injection Vulnerabilities Date: ===== 2012-04-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=538 VL-ID: ===== 538 Introduction: ============= GENU is a Content Management System...
Pritlog v0.821 CMS - Multiple Web Vulnerabilities
Title: ====== Pritlog v0.821 CMS - Multiple Web Vulnerabilities Date: ===== 2012-04-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=534 VL-ID: ===== 534 Introduction: ============= PRITLOG is an extremely simple, small 500K uncompressed and powerful blog system. It...
GENU CMS 2012.3 - Multiple SQL Injection Vulnerabilities
Document Title: =============== GENU CMS 2012.3 - Multiple SQL Injection Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=538 Release Date: ============= 2012-04-29 Vulnerability Laboratory ID VL-ID: ==================================== 53...
Pritlog v0.821 CMS - Multiple Web Vulnerabilities
Document Title: =============== Pritlog v0.821 CMS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=534 Release Date: ============= 2012-04-28 Vulnerability Laboratory ID VL-ID: ==================================== 534 Commo...