113 matches found
CVE-2010-2476
syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot...
CVE-2010-2476
syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot...
rubygems: Path traversal when writing to a symlinked basedir outside of the root
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...
Directory Traversal Vulnerability
Ruby is vulnerable to directory traversal vulnerability. This exists in installlocation function of package.rb that could result in path traversal when writing to a symlinked basedir outside of the root...
Directory traversal
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions absolute directory traversal...
CVE-2018-10057
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions absolute directory traversal...
CVE-2018-10057
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions absolute directory traversal...
CVE-2018-1000073
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...
CVE-2018-1000073
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...
CVE-2018-1000073
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...
UBUNTU-CVE-2018-1000073
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...
UBUNTU-CVE-2016-7133
Zend/zendalloc.c in PHP 7.x before 7.0.10, when openbasedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service integer overflow or possibly have unspecified other impact via a long pathname...
CVE-2007-0905
PHP before 5.2.1 allows attackers to bypass safemode and openbasedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383...
CVE-2006-6383
PHP 5.2.0 and 4.4 allows local users to bypass safemode and openbasedir restrictions via a malicious path and a null byte before a ";" in a sessionsavepath argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.savepath...
AudioShare Code Injection Vulnerability
AudioShare is an audio file manager. AudioShare suffers from a code injection vulnerability that allows remote attackers to execute arbitrary PHP code by submitting a special 'config'basedir' ' parameter...
CVE-2015-4726
PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config'basedir' parameter...
Audio Share 2.0.2 Cross Site Scripting / Remote File Inclusion
| Title : Audio Share v2.0.2 Multi Vulnerability | Author : indoushka | email : [email protected] | Dork : Powered by AudioShareScript.com | Tested on: windows 8.1 Français V.Pro | Download : http://demo.audiosharescript.com/ ======================================= XSS / HTML Inject :...
PHP <= 5.2.1 Session.Save_Path() TMPDIR Open_Basedir Restriction Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23183/info PHP is prone to a 'openbasedir' restriction-bypass vulnerability due to a design error. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations...
PHP 5.2 Session.Save_Path() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21508/info PHP is prone to a 'safemode' and 'openbasedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations. This...
DWebPro 3.4.1 Http.ini Plaintext Password Storage Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8438/info A vulnerability has been reported to exist in the DWebPro web server software. This problem allows an attacker to view database authentication credentials by accessing a plain text file named 'http.ini'. An...