8 matches found
CVE-2007-3378
The 1 sessionsavepath, 2 iniset, and 3 errorlog functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safemode and openbasedir restrictions and possibly execute arbitrary commands, as demonstrated using a phpvalue, b...
Slackware Advisory SSA:2008-045-03 php
The remote host is missing an update as announced via advisory SSA:2008-045-03. OpenVAS Vulnerability Test $Id: esoftslkssa200804503.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...
Gentoo Security Advisory GLSA 200710-02 (php)
The remote host is missing updates announced in advisory GLSA 200710-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
FreeBSD Ports: php5
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD : php -- multiple vulnerabilities (71d903fc-602d-11dc-898c-001921ab2fa4)
The PHP development team reports : Security Enhancements and Fixes in PHP 5.2.4 : - Fixed a floating point exception inside wordwrap Reported by Mattias Bengtsson - Fixed several integer overflows inside the GD extension Reported by Mattias Bengtsson - Fixed size calculation in chunksplit Reporte...
php -- multiple vulnerabilities
The PHP development team reports: Security Enhancements and Fixes in PHP 5.2.4: Fixed a floating point exception inside wordwrap Reported by Mattias Bengtsson Fixed several integer overflows inside the GD extension Reported by Mattias Bengtsson Fixed size calculation in chunksplit Reported by...
CVE-2007-3378
CVE-2007-3378 affects PHP 4.4.7 and earlier and PHP 5.2.3 and earlier, when processed via .htaccess. The vulnerability allows remote attackers to bypass safe_mode and open_basedir restrictions and potentially execute arbitrary commands via directives like php_value/php_flag in .htaccess. Connecte...
PHP .Htaccess Safe_Mode和Open_Basedir限制绕过漏洞
BUGTRAQ ID: 24661 CVE ID:CVE-2007-3378 CNCVE ID:CNCVE-20073378 PHP是一款广泛使用的WEB开发脚本语言。 PHP存在'safemode'和'openbasedir'限制绕过问题,远程攻击者可以利用漏洞写文件到未授权系统位置。 当使用PHP作为Apache模块,可以通过在.htaccess文件中使用指示进行培植二十时亿兆时毫...