5543 matches found
persl safe.pm protection bypass
Safe mode doesn't work if it was already used...
[SECURITY] [DSA 208-1] New Perl packages correct Safe handling
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 208-1 [email protected] http://www.debian.org/security/ Martin Schulze December 12th, 2002 http://www.debian.org/security/faq -...
[SECURITY] [DSA 208-1] New Perl packages correct Safe handling
-------------------------------------------------------------------------- Debian Security Advisory DSA 208-1 [email protected] http://www.debian.org/security/ Martin Schulze December 12th, 2002 http://www.debian.org/security/faq -...
DSA-208 perl - broken safe compartment
Bulletin has no description...
CVE-2002-1323
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in 1 Safe::reval or 2 Safe::rdo using a redefined @ variable, which is not reset between successive calls...
DEBIAN-CVE-2002-1323
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in 1 Safe::reval or 2 Safe::rdo using a redefined @ variable, which is not reset between successive calls...
security flaw
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...
security flaw
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...
security flaw
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...
CVE-2002-0985
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...
PT-2002-1991 · Php +1 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions 4.x through 4.2.2 Description: The issue allows attackers to bypass safe mode restrictions and modify command line arguments to the MTA, such as sendmail, in the 5th argument to the mail function, potentially altering MTA behavio...
[SECURITY] [DSA 168-1] New PHP packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 168-1 [email protected] http://www.debian.org/security/ Martin Schulze September 18th, 2002 http://www.debian.org/security/faq -...
DSA-168 php - bypassing safe_mode, CRLF injection
Bulletin has no description...
PHP safe mode bypass
Shell metacharcters are not checked in mail command...
CVE-2001-1246
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters...
CVE-2001-1246
CVE-2001-1246 affects PHP versions 4.0.5–4.1.0 running in safe mode. The fifth parameter to mail() is not properly sanitized, enabling local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. Multiple connected documents (NVD/Nessus advisories) describe th...
CVE-2001-1247
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the errorlog function to access the files...
CVE-2001-1247
CVE-2001-1247 affects PHP 4.0.4pl1 and 4.0.5 in safe mode, enabling remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses error_log to access files. Impact: partial confidentiality and integrity exposure via uploaded scripts. Remediation: upgrade...
Taskpads ActiveX Control incorrectly marked safe-for-scripting
Overview The taskpads ActiveX control included with some resource kit products circa February 1999 was incorrectly marked safe-for-scripting. Description The taskpads ActiveX control included with the Microsoft Windows 98 resource kit, the Microsoft Windows 98 resource kit sampler, and the Back...
CVE-2002-0229
Safe Mode feature safemode in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements...