Lucene search
K

113 matches found

Tenable Nessus
Tenable Nessus
added 2008/01/03 12:0 a.m.113 views

PHP < 4.4.8 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is older than 4.4.8. Such versions may be affected by several issues, including integer overflows involving the 'chunksplit', 'strcspn', and 'strspn' functions, and 'safemode' / 'openbasedir' bypasses. %NASLMINLEVEL 70300 C...

9.8CVSS8.2AI score0.13818EPSS
Exploits11References8
seebug.org
seebug.org
added 2007/10/06 12:0 a.m.40 views

actSite 1.991 Beta (base.php) Remote File Inclusion Vulnerability

No description provided by source. '/ -.- ---------------------oOO------OOo-------------------- | actSite v1.991 Beta base.php Remote File Inclusion | | coded by DNX | -------------------------------------------------------- ! Discovered: DNX ! Vendor: http://www.actsite.de ! Detected: 02.09.2007...

7.1AI score
Exploits0
Prion
Prion
added 2007/10/03 2:17 p.m.15 views

Remote file inclusion

PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 Beta allows remote attackers to execute arbitrary PHP code via a URL in the BaseCfgBaseDir parameter...

6.8CVSS8.1AI score0.01975EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2007/10/03 2:0 p.m.16 views

CVE-2007-5175

PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 Beta allows remote attackers to execute arbitrary PHP code via a URL in the BaseCfgBaseDir parameter...

7.5AI score0.01975EPSS
Exploits1References4
CVE
CVE
added 2007/10/03 2:0 p.m.82 views

CVE-2007-5175

CVE-2007-5175 : PHP remote file inclusion in actSite 1.991 Beta (lib/base.php) allows an attacker to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter. Root cause: unsafely using a user-controlled file path in an include operation. Impact: remote code execution on the affecte...

6.8CVSS7.5AI score0.01975EPSS
Exploits1References4Affected Software1
0day.today
0day.today
added 2007/10/01 12:0 a.m.65 views

actSite 1.991 Beta (base.php) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ================================================================= actSite 1.991 Beta base.php Remote File Inclusion Vulnerability ================================================================= '/ -.-...

7.1AI score
Exploits0
Prion
Prion
added 2007/09/14 1:17 a.m.19 views

Design/Logic Flaw

The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safemode and openbasedir restrictions via the MySQL 1 LOADFILE, 2 INTO DUMPFILE, and 3 INTO OUTFILE functions, a different issue than CVE-2007-3997...

6.8CVSS6.6AI score0.13818EPSS
Exploits7References5Affected Software1
exploitpack
exploitpack
added 2007/06/04 12:0 a.m.10 views

Madirish Webmail 2.0 - addressbook.php Remote File Inclusion

Madirish Webmail 2.0 - addressbook.php Remote File Inclusion Madirish Webmail v2.0 Remote File Include Vulnerabilities Author : BoZKuRTSeRDaR Contact MSN:[email protected] My Homepage :WwW.Turkmilliyetcileri.OrG script Download : http://sourceforge.net/projects/madirishwebmail code:...

7.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2007/05/22 12:0 a.m.5 views

PT-2007-1480 · Php · Php

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 4.4.4 Description: The issue concerns the imap body function, which does not implement safemode or open basedir checks. This allows local users to read arbitrary files or list arbitrary directory contents. Recommendation...

2.1CVSS6.3AI score0.00355EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2007/04/02 12:0 a.m.90 views

PHP < 5.2.1 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is older than 5.2.1. Such versions may be affected by several issues, including buffer overflows, format string vulnerabilities, arbitrary code execution, 'safemode' and 'openbasedir' bypasses, and clobbering of super-global...

10CVSS5.8AI score0.15195EPSS
Exploits10References28
seebug.org
seebug.org
added 2007/03/30 12:0 a.m.57 views

PHP Session.Save_Path() TMPDIR Open_Basedir限制绕过漏洞

PHP是一款广泛使用的WEB开发脚本语言。 PHP session.savepath存在openbasedir绕过问题,远程攻击者可能利用此漏洞结合其他漏洞进行进一步攻击,如包含文件。 当提供空会话保存路径时,文件会话存储模块通过TMPDIR环境变量指定回调的路径,不幸的是回调发生在openbasedir检查之后,可导致安全检查被绕过。进行其他进一步攻击。 PHP PHP 5.2.1 PHP PHP 5.1.6 PHP PHP 5.1.5 PHP PHP 5.1.4 PHP PHP 5.1.3 PHP PHP 5.1.3 PHP PHP 5.1.2 PHP PHP 5.1.1 PHP P...

6.8AI score
Exploits0
Prion
Prion
added 2007/03/10 10:19 p.m.17 views

Remote file inclusion

PHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO aka weborganizer 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter...

10CVSS8AI score0.04949EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2007/03/09 10:19 p.m.15 views

CVE-2007-1370

Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safemode and openbasedir are disabled; other settings require leverage for other vulnerabilities...

6.2CVSS6.7AI score0.00296EPSS
Exploits0References7
exploitpack
exploitpack
added 2007/03/08 12:0 a.m.21 views

WEBO (Web ORGanizer) 1.0 - baseDir Remote File Inclusion

WEBO Web ORGanizer 1.0 - baseDir Remote File Inclusion \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV67$2007 ----------------------------------------------------------------------------------------- ECHOADV67$2007 WEBO Web Organizer = 1.0 baseDir Remote...

7.5AI score
Exploits0
Exploit DB
Exploit DB
added 2007/03/08 12:0 a.m.37 views

WEBO (Web ORGanizer) 1.0 - &#039;baseDir&#039; Remote File Inclusion

\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV67$2007 ----------------------------------------------------------------------------------------- ECHOADV67$2007 WEBO Web Organizer = 1.0 baseDir Remote File Inclusion Vulnerability...

7.4AI score
Exploits0
NVD
NVD
added 2007/02/13 11:28 p.m.23 views

CVE-2007-0905

PHP before 5.2.1 allows attackers to bypass safemode and openbasedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383...

7.5CVSS6.3AI score0.02452EPSS
Exploits0References9
exploitpack
exploitpack
added 2006/12/08 12:0 a.m.10 views

PHP 5.2 - Session.Save_Path() Safe_mode open_basedir Restriction Bypass

PHP 5.2 - Session.SavePath Safemode openbasedir Restriction Bypass source: https://www.securityfocus.com/bid/21508/info PHP is prone to a 'safemode' and 'openbasedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in...

0.2AI score
Exploits0
NVD
NVD
added 2006/11/14 10:7 p.m.16 views

CVE-2006-5893

Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to 1 mysql.php and 2 mysqli.php in include/classes/pear/DB/...

7.5CVSS7.7AI score0.03464EPSS
Exploits0References7
securityvulns
securityvulns
added 2006/11/14 12:0 a.m.52 views

StoryStream 4.0 &#40;baseDir&#41; Remote File Include Vulnerabilities

r0ut3r Presents... Another r0ut3r discovery! ContentNow 1.30 Local File Include & Arbitrary File Upload/Delete Vulnerabilities Software: ContentNow 1.30 Vulnerabilities Vendor: http://www.contentnow.mf4k.de/ Released: 2006/11/13 Discovered By: r0ut3r writ3r at gmail.com...

0.3AI score
Exploits0
NVD
NVD
added 2006/09/23 12:7 a.m.18 views

CVE-2006-4944

PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.php in ProgSys 0.151 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdnsbasedir parameter...

7.5CVSS7.6AI score0.02402EPSS
Exploits1References3
Rows per page
Query Builder