113 matches found
PHP < 4.4.8 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is older than 4.4.8. Such versions may be affected by several issues, including integer overflows involving the 'chunk_split', 'strcspn', and 'strspn' functions, and 'safe_mode' / 'open_basedir' bypasses.
actSite 1.991 Beta (base.php) Remote File Inclusion Vulnerability
No description provided by source. actSite v1.991 Beta base.php Remote File Inclusion, coded by DNX. Discovered: DNX. Vendor: http://www.actsite.de. Detected: 02.09.2007...
Remote file inclusion
PHP remote file inclusion vulnerability in lib/base.php in actSite 1.991 Beta allows remote attackers to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter...
CVE-2007-5175
PHP remote file inclusion vulnerability in lib/base.php in actSite 1.991 Beta allows remote attackers to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter...
CVE-2007-5175
CVE-2007-5175 : PHP remote file inclusion in actSite 1.991 Beta (lib/base.php) allows an attacker to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter. Root cause: unsafely using a user-controlled file path in an include operation. Impact: remote code execution on the affecte...
actSite 1.991 Beta (base.php) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. actSite 1.991 Beta base.php Remote File Inclusion Vulnerability...
Design/Logic Flaw
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997...
Madirish Webmail 2.0 - addressbook.php Remote File Inclusion
Madirish Webmail v2.0 Remote File Include Vulnerabilities. Author: BoZKuRTSeRDaR. Contact MSN: [email protected] My Homepage: WwW.Turkmilliyetcileri.OrG. Script download: http://sourceforge.net/projects/madirishwebmail code:...
PT-2007-1480 · Php · Php
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 4.4.4. Description: The issue concerns the imap_body function, which does not implement safe_mode or open_basedir checks. This allows local users to read arbitrary files or list arbitrary directory contents. Recommendation...
PHP < 5.2.1 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is older than 5.2.1. Such versions may be affected by several issues, including buffer overflows, format string vulnerabilities, arbitrary code execution, 'safe_mode' and 'open_basedir' bypasses, and clobbering of super-global...
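PHP Session.Save_Path() TMPDIR Open_Basedir Restriction Bypass Vulnerability
PHP is a widely used web development scripting language. PHP's session.save_path has an open_basedir bypass issue; a remote attacker may use this vulnerability together with other vulnerabilities for further attacks, such as file inclusion. When an empty session save path is supplied, the file session storage module falls back to the path specified by the TMPDIR environment variable. Unfortunately, the fallback happens after the open_basedir check, so the security check can be bypassed and further attacks carried out. Affected versions: PHP 5.2.1, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, ...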
Remote file inclusion
PHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO aka weborganizer 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter...
CVE-2007-1370
Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities...
WEBO (Web ORGanizer) 1.0 - baseDir Remote File Inclusion
WEBO Web ORGanizer 1.0 - baseDir Remote File Inclusion. ECHOADV67$2007: WEBO Web Organizer = 1.0 baseDir Remote...
WEBO (Web ORGanizer) 1.0 - 'baseDir' Remote File Inclusion
ECHOADV67$2007: WEBO Web Organizer = 1.0 baseDir Remote File Inclusion Vulnerability...
CVE-2007-0905
PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383...
PHP 5.2 - Session.Save_Path() Safe_mode open_basedir Restriction Bypass
Source: https://www.securityfocus.com/bid/21508/info. PHP is prone to a 'safe_mode' and 'open_basedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in...
CVE-2006-5893
Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/...
StoryStream 4.0 (baseDir) Remote File Include Vulnerabilities
r0ut3r Presents... Another r0ut3r discovery! ContentNow 1.30 Local File Include & Arbitrary File Upload/Delete Vulnerabilities Software: ContentNow 1.30 Vulnerabilities Vendor: http://www.contentnow.mf4k.de/ Released: 2006/11/13 Discovered By: r0ut3r writ3r at gmail.com...
CVE-2006-4944
PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.php in ProgSys 0.151 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdnsbasedir parameter...