86 matches found
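Mozilla Bugzilla bug alias information disclosure vulnerability
Bugtraq ID: 37062 CVE ID: CVE-2009-3386 Mozilla Bugzilla is a web-based bug tracking system. Mozilla Bugzilla contains an error when displaying the aliases of restricted bugs in the "Depends On" or "Blocks" lists, which can lead to disclosure of sensitive information. When a bug belongs to a group, all of its information is supposed to be invisible to users outside that group. However, a vulnerability allows the aliases of restricted bugs in the "Depends On" or "Blocks" lists (very short strings used as shortcuts for looking up a bug) to be shown to users outside the group, leading to disclosure of sensitive information. Mozilla Bugzilla 3.5.1 Mozilla Bugzill...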
CVE-2007-5424
The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled...
PHP-alias vulnerable: disable_functions bypass
PHP-alias vulnerable: disable_functions bypass ================================== Source: PHP-alias vulnerable: disable_functions bypass Author: ElektAntichat.ru Discovered: 12.09.2007 Type: local Description: When a primary function / its alias is prohibited in disable_functions, its alias / the primary...
Security on AIR: Local file access through JavaScript
Hi! It's just a very first look at AIR, Adobe's Integrated Runtime, and its possibilities to process HTML/JS. AIR is beta by now, so Adobe may change things in the final release. What is AIR? Quote from Adobe: "Adobe Integrated Runtime AIR is a cross-operating system runtime that allows you to...
Ruby Safe Level security bypass
"alias" can be exploited to replace safe function, directory access protection bypass. Few potentially dangerous methods are not limited...
PT-1999-1194 · Sendmail · Sendmail
Name of the Vulnerable Software and Affected Versions: Sendmail affected versions not specified Description: The issue allows input to be piped to a program through a Sendmail alias. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...