11 matches found
PHP < 5.2.7 Multiple Vulnerabilities
PHP is prone to multiple vulnerabilities. Copyright C 2012 NopSec Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or...
HP-UX Update for Apache Web Server Suite HPSBUX02431
Check for the Version of Apache Web Server Suite OpenVAS Vulnerability Test HP-UX Update for Apache Web Server Suite HPSBUX02431 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
PHP 5 'posix_access()'功安全模式绕过目录遍历漏洞
CVE-2008-2665 PHP is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied data. Attackers can leverage this issue to bypass security restrictions enforced by 'safemode' to access data outside of the root webserver directory. Successful attacks may all...
[slackware-security] php
New php packages are available for Slackware 12.0, 12.1, and -current to fix security issues, as well as make improvements and fix bugs. Here are the details from the Slackware 12.1 ChangeLog: patches/packages/php-5.2.7-i486-1slack12.1.tgz: Upgraded to php-5.2.7. In addition to improvements and b...
Slackware 12.0 / 12.1 / current : php (SSA:2008-339-01)
New php packages are available for Slackware 12.0, 12.1, and -current to fix security issues, as well as make improvements and fix bugs. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory...
Gentoo Security Advisory GLSA 200811-05 (php)
The remote host is missing updates announced in advisory GLSA 200811-05. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200811-05 (php)
The remote host is missing updates announced in advisory GLSA 200811-05. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PHP 5 'posix_access()'函数'safe_mode'绕过目录遍历漏洞
BUGTRAQ ID: 29797 CVE ID:CVE-2008-2665 CNCVE ID:CNCVE-20082665 PHP 5是一款开放源代码的网络编程语言。 PHP 5 'posixaccess'存在'safemode绕过问题,远程攻击者可以利用漏洞访问WEB ROOT目录之外的数据,导致敏感信息泄漏。 问题代码如下: - --- PHPFUNCTIONposixaccess long mode = 0; int filenamelen, ret; char filename, path; if zendparseparametersZENDNUMARGS TSRMLSCC,...
[Full-disclosure] PHP 5.2.6 posix_access() (posix ext) safe_mode bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.6 posixaccess posix ext safemode bypass Author: Maksymilian Arciemowicz cXIb8O3 SecurityReason.com Date: - - Written: 10.05.2008 - - Public: 17.06.2008 SecurityReason Research SecurityAlert Id: 54 CVE: CVE-2008-2665 CWE: CWE-264 SecurityRisk:...
CVE-2008-2665
Directory traversal vulnerability in the posixaccess function in PHP 5.2.6 and earlier allows remote attackers to bypass safemode restrictions via a .. dot dot in an http URL, which results in the URL being canonicalized to a local filename after the safemode check has successfully run...
CVE-2008-2665
Directory traversal vulnerability in the posixaccess function in PHP 5.2.6 and earlier allows remote attackers to bypass safemode restrictions via a .. dot dot in an http URL, which results in the URL being canonicalized to a local filename after the safemode check has successfully run...