Lucene search
K

113 matches found

Tenable Nessus
Tenable Nessus
added 2006/09/14 12:0 a.m.45 views

FreeBSD : php -- multiple vulnerabilities (ea09c5df-4362-11db-81e1-000e0c2e438a)

The PHP development team reports : - Added missing safemode/openbasedir checks inside the errorlog, fileexists, imapopen and imapreopen functions. - Fixed overflows inside strrepeat and wordwrap functions on 64bit systems. - Fixed possible openbasedir/safemode bypass in cURL extension and with...

10CVSS5.8AI score0.06357EPSS
Exploits1References9
exploitpack
exploitpack
added 2006/09/09 12:0 a.m.14 views

PHP 3 5 - Ini_Restore() Safe_mode open_basedir Restriction Bypass

PHP 3 5 - IniRestore Safemode openbasedir Restriction Bypass source: https://www.securityfocus.com/bid/19933/info PHP is prone to a 'safemode' and 'openbasedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2006/08/16 12:0 a.m.11 views

dotProject 2.0.4 - baseDir Remote File Inclusion

dotProject 2.0.4 - baseDir Remote File Inclusion / + + - - - DEVIL TEAM THE BEST POLISH TEAM - - + + + - dotProject = 2.0.4 baseDir Remote File Include Vulnerabilities + - Script name: dotProject v. 2.0.4 - Script site: http://www.dotproject.net/ + + + - Find by: Kacper a.k.a Rahim + - Contact:...

7.5AI score
Exploits0
0day.today
0day.today
added 2006/08/16 12:0 a.m.14 views

dotProject <= 2.0.4 (baseDir) Remote File Include Vulnerability

Exploit for unknown platform in category web applications =============================================================== dotProject = 2.0.4 baseDir Remote File Include Vulnerability =============================================================== / + + - - - DEVIL TEAM THE BEST POLISH TEAM - - + ...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/02/28 12:0 a.m.25 views

PHP 4.x/5.0/5.1 with Sendmail Mail Function - &#039;additional_param&#039; Arbitrary File Creation

source: https://www.securityfocus.com/bid/16878/info PHP is prone to multiple input-validation vulnerabilities that could allow 'safemode' and 'openbasedir' security settings to be bypassed. These issues reside in the 'mbsendmail' function, the 'mail' function, and various PHP IMAP functions...

7.4AI score
Exploits0
Prion
Prion
added 2006/02/18 2:2 a.m.10 views

Design/Logic Flaw

DISPUTED dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if...

5CVSS6.4AI score0.01719EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2006/02/18 2:0 a.m.19 views

CVE-2006-0754

dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the...

6.2AI score0.01719EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2006/02/18 12:0 a.m.4 views

PT-2006-1803 · Dotproject · Dotproject

Name of the Vulnerable Software and Affected Versions: dotProject versions 2.0.1 and earlier Description: The issue allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error...

5CVSS6.8AI score0.01719EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2006/02/18 12:0 a.m.4 views

PT-2006-1804 · Dotproject · Dotproject

Name of the Vulnerable Software and Affected Versions: dotProject versions 2.0.1 and earlier Description: The issue allows remote attackers to execute arbitrary commands via the baseDir parameter in several PHP files, including db adodb.php, db connect.php, session.php, vw usr roles.php,...

5.6CVSS8AI score0.07846EPSS
Exploits1References29
myhack58
myhack58
added 2006/01/01 12:0 a.m.74 views

Plogger exploit method! - Vulnerability warning-the black bar safety net

http://www.hackeroo.com/Plogger 是 一 款 基于 PHP 的 网络日记 程序 the. Plogger does not filter the user submits the URI of the data, exploit vulnerabilities in the WEB permissions to execute arbitrary commands. Vulnerability in'plog-admin-functions.php'script for user-submitted'configbasedir'parameter is no...

Exploits0
RedHat Linux
RedHat Linux
added 2005/05/04 3:9 p.m.6 views

security flaw

PHP 4.0 with cURL functions allows remote attackers to bypass the openbasedir setting and read arbitrary files via a file: URL argument to the curlinit function...

5CVSS6AI score0.10394EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2005/04/28 6:53 p.m.6 views

security flaw

PHP 4.0 with cURL functions allows remote attackers to bypass the openbasedir setting and read arbitrary files via a file: URL argument to the curlinit function...

5CVSS6AI score0.10394EPSS
Exploits1References4
securityvulns
securityvulns
added 2002/04/23 12:0 a.m.33 views

PHP problem

This is not really an advisory, but a warning for sysadmins running webservers with PHP. I noticed that it was possible to rebuild the user database Unix even when safemode prevented from reading /etc/passwd and openbasedir prevented from accessing /etc. The implementation of getpwuid,nam functio...

7.1AI score
Exploits0
Rows per page
Query Builder