Lucene search
K

113 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.3 views

SUSE CVE-2007-1461

The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or openbasedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories...

7.8CVSS7AI score0.02202EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.5 views

SUSE CVE-2007-3378

The 1 sessionsavepath, 2 iniset, and 3 errorlog functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safemode and openbasedir restrictions and possibly execute arbitrary commands, as demonstrated using a phpvalue, b...

6.8CVSS7.7AI score0.05331EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.5 views

SUSE CVE-2007-3997

The 1 MySQL and 2 MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safemode and openbasedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE...

7.5CVSS7AI score0.13818EPSS
Exploits7References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.3 views

SUSE CVE-2007-4652

The session extension in PHP before 5.2.4 might allow local users to bypass openbasedir restrictions via a session file that is a symlink...

4.4CVSS6.7AI score0.00607EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.5 views

SUSE CVE-2007-4663

Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass openbasedir restrictions via unspecified vectors involving the glob function...

7.5CVSS7.1AI score0.02141EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.4 views

SUSE CVE-2007-4825

Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass openbasedir restrictions and possibly execute arbitrary code via a .. dot dot in the dl function...

7.5CVSS8AI score0.03433EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.8 views

SUSE CVE-2007-4889

The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safemode and openbasedir restrictions via the MySQL 1 LOADFILE, 2 INTO DUMPFILE, and 3 INTO OUTFILE functions, a different issue than CVE-2007-3997...

6.8CVSS7AI score0.01221EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.7 views

SUSE CVE-2008-7002

PHP 5.2.5 does not enforce a openbasedir and b safemodeexecdir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the 1 exec, 2 system, 3 shellexec, 4 passthru, or 5 popen functions,...

7.2CVSS6.9AI score0.00832EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.2 views

SUSE CVE-2010-1130

session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; semicolon characters in the argument to the sessionsavepath function, which allows context-dependent attackers to bypass openbasedir and safemode restrictions via an argument that contains multiple ;...

5CVSS7.1AI score0.09371EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:58 a.m.5 views

SUSE CVE-2016-7133

Zend/zendalloc.c in PHP 7.x before 7.0.10, when openbasedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service integer overflow or possibly have unspecified other impact via a long pathname...

8.1CVSS7.7AI score0.04052EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.5 views

SUSE CVE-2018-10057

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions absolute directory traversal...

6.5CVSS6.6AI score0.02356EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.4 views

SUSE CVE-2018-1000073

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...

5.5CVSS6.9AI score0.05076EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/05/13 1:6 a.m.16 views

Sensitive Data Exposure in elFinder

php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safemode or openbasedir is not set...

5.9CVSS6.7AI score0.01275EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/27 12:0 a.m.6 views

The vulnerability of the PHP programming language interpreter, related to privilege management errors, allows attackers to bypass the protection mechanisms defined by open_basedir.

The vulnerability of the PHP programming language interpreter and the SQLite database management system is related to privilege management errors. Exploiting this vulnerability allows a malicious actor to bypass the protection mechanisms defined by openbasedir...

5CVSS7.7AI score0.02978EPSS
Exploits1References11Affected Software2
0day.today
0day.today
added 2022/02/23 12:0 a.m.266 views

WebHMI 4.1.1 Remote Code Execution Exploit

Exploit Title: WebHMI 4.1.1 - Remote Code Execution RCE Authenticated Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI 4.1.1.7662 Tested on: WebHMI-4.1.1.7662 !/usr/bin/python import sys import re import argparse import requests import time import...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.25 views

SUSE: Security Advisory (SUSE-SU-2019:0609-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.9CVSS7.1AI score0.04457EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2020/03/03 3:35 p.m.9 views

rubygems: Path traversal when writing to a symlinked basedir outside of the root

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...

7.5CVSS7.2AI score0.05076EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/02/25 12:14 p.m.5 views

rubygems: Path traversal when writing to a symlinked basedir outside of the root

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...

7.5CVSS7.2AI score0.05076EPSS
Exploits0References5
NVD
NVD
added 2019/11/07 9:15 p.m.15 views

CVE-2010-2476

syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot...

9.8CVSS9.5AI score0.01725EPSS
Exploits0References3
Prion
Prion
added 2019/11/07 9:15 p.m.11 views

Open redirect

syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot...

7.5CVSS7.1AI score0.01725EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder