Lucene search
K

5543 matches found

securityvulns
securityvulns
added 2002/12/14 12:0 a.m.31 views

persl safe.pm protection bypass

Safe mode doesn't work if it was already used...

3.3AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2002/12/14 12:0 a.m.59 views

[SECURITY] [DSA 208-1] New Perl packages correct Safe handling

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 208-1 [email protected] http://www.debian.org/security/ Martin Schulze December 12th, 2002 http://www.debian.org/security/faq -...

4.6CVSS0.2AI score0.00462EPSS
Exploits0
Debian
Debian
added 2002/12/12 2:46 p.m.23 views

[SECURITY] [DSA 208-1] New Perl packages correct Safe handling

-------------------------------------------------------------------------- Debian Security Advisory DSA 208-1 [email protected] http://www.debian.org/security/ Martin Schulze December 12th, 2002 http://www.debian.org/security/faq -...

4.6CVSS6.1AI score0.00462EPSS
Exploits0
OSV
OSV
added 2002/12/12 12:0 a.m.24 views

DSA-208 perl - broken safe compartment

Bulletin has no description...

4.6CVSS6.1AI score0.00462EPSS
Exploits0
OSV
OSV
added 2002/12/11 5:0 a.m.6 views

CVE-2002-1323

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in 1 Safe::reval or 2 Safe::rdo using a redefined @ variable, which is not reset between successive calls...

6.2AI score
Exploits0References19
OSV
OSV
added 2002/12/11 5:0 a.m.1 views

DEBIAN-CVE-2002-1323

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in 1 Safe::reval or 2 Safe::rdo using a redefined @ variable, which is not reset between successive calls...

4.6CVSS6.5AI score0.00462EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2002/11/08 11:15 a.m.7 views

security flaw

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...

7.5CVSS5.8AI score0.02951EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2002/11/08 11:15 a.m.9 views

security flaw

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...

7.5CVSS5.8AI score0.02951EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2002/11/07 5:42 p.m.7 views

security flaw

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...

7.5CVSS5.8AI score0.02951EPSS
Exploits0References4
NVD
NVD
added 2002/09/24 4:0 a.m.23 views

CVE-2002-0985

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...

7.5CVSS7AI score0.02951EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2002/09/24 12:0 a.m.3 views

PT-2002-1991 · Php +1 · Php +1

Name of the Vulnerable Software and Affected Versions: PHP versions 4.x through 4.2.2 Description: The issue allows attackers to bypass safe mode restrictions and modify command line arguments to the MTA, such as sendmail, in the 5th argument to the mail function, potentially altering MTA behavio...

7.5CVSS6.4AI score0.02951EPSS
Exploits0References18
Debian
Debian
added 2002/09/18 1:40 p.m.37 views

[SECURITY] [DSA 168-1] New PHP packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 168-1 [email protected] http://www.debian.org/security/ Martin Schulze September 18th, 2002 http://www.debian.org/security/faq -...

7.5CVSS0.2AI score0.0315EPSS
Exploits0
OSV
OSV
added 2002/09/18 12:0 a.m.22 views

DSA-168 php - bypassing safe_mode, CRLF injection

Bulletin has no description...

7.5CVSS6.1AI score0.0315EPSS
Exploits0
securityvulns
securityvulns
added 2002/08/25 12:0 a.m.47 views

PHP safe mode bypass

Shell metacharcters are not checked in mail command...

3.7AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2002/06/25 4:0 a.m.26 views

CVE-2001-1246

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters...

7.6AI score0.09725EPSS
Exploits0References7
CVE
CVE
added 2002/06/25 4:0 a.m.59 views

CVE-2001-1246

CVE-2001-1246 affects PHP versions 4.0.5–4.1.0 running in safe mode. The fifth parameter to mail() is not properly sanitized, enabling local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. Multiple connected documents (NVD/Nessus advisories) describe th...

7.5CVSS7.7AI score0.09725EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2002/06/25 4:0 a.m.20 views

CVE-2001-1247

PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the errorlog function to access the files...

6.7AI score0.09383EPSS
Exploits1References4
CVE
CVE
added 2002/06/25 4:0 a.m.64 views

CVE-2001-1247

CVE-2001-1247 affects PHP 4.0.4pl1 and 4.0.5 in safe mode, enabling remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses error_log to access files. Impact: partial confidentiality and integrity exposure via uploaded scripts. Remediation: upgrade...

6.4CVSS7.1AI score0.09383EPSS
Exploits1References4Affected Software1
CERT
CERT
added 2002/05/23 12:0 a.m.21 views

Taskpads ActiveX Control incorrectly marked safe-for-scripting

Overview The taskpads ActiveX control included with some resource kit products circa February 1999 was incorrectly marked safe-for-scripting. Description The taskpads ActiveX control included with the Microsoft Windows 98 resource kit, the Microsoft Windows 98 resource kit sampler, and the Back...

7.5CVSS7AI score0.05881EPSS
Exploits0References2
NVD
NVD
added 2002/05/16 4:0 a.m.23 views

CVE-2002-0229

Safe Mode feature safemode in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements...

7.5CVSS7.2AI score0.09579EPSS
Exploits0References7
Rows per page
Query Builder