EUVD-2006-4613

Malware in sbrugna...

CVE-2009-2626

The zendrestoreinientrycb function in zendini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information memory contents and cause a PHP crash by using the iniset function to declare a variable, then using the inirestore function to restore the...

PHP Ini_Restore() Safe_Mode及Open_Basedir限制绕过漏洞

PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP在处理配置选项时存在漏洞，远程攻击者可能利用此漏洞绕过安全限制。 如果将PHP用作Apache模块的话，就可以使用Apache配置文件（如httpd.conf）中的指令更改配置设置。例如，httpd.conf中的openbasedir： - --- Directory /usr/home/frajer/publichtml/ Options FollowSymLinks MultiViews Indexes AllowOverride None phpadminflag safemode 1...

CVE-2006-4625

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safemode and openbasedir, via the inirestore function, which resets the values to their php.ini Master Value defaults...