30 matches found
CVE-2007-5900
PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625...
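Multiple security vulnerabilities in PHP versions before 5.2.5
BUGTRAQ ID: 26403 CVE(CAN) ID: CVE-2007-4887 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. PHP versions before 5.2.5 contain multiple security vulnerabilities, including: 1) the htmlentities and htmlspecialchars functions do not accept partial multibyte sequences; 2) multiple buffer overflows in the fnmatch, setlocale and glob functions; 3) an error in handling .htaccess files may allow the mail.force_extra_parameters php.ini directive to be modified through a .htaccess file, bypassing the disable_functions directive; 4)...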
CVE-2007-5424
The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled...
Design/Logic Flaw
The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled...
CVE-2007-5424
The CVE-2007-5424 entry concerns PHP 4/5 where the disable_functions setting can be bypassed via an alias (demonstrated via ini_alter when ini_set is disabled). Affected component: PHP’s configuration and function-disabling mechanism. Reported impact aligns with PARTIAL confidentiality/integrity/...
Verlihub Control Panel 1.7.x - Local File Inclusion
Verlihub Control Panel v 1.7 PHP 4.x Local File Inclusion http://vhcp.verlihub-project.org/ Bug Found By Methodman From TEAMELITE dchub.nemesis.te-home.net:4120 Bug: Line: 27 - ini_set("magic_quotes_gpc","1"); ............................ Line: 71 - $pagename = isset($_GET['page']) ? $_GET['page'] :...
Php-Stats <= 0.1.9.1b (php-stats-options.php) admin 2 exec() eExploit
No description provided by source. <?php print_r(' --------------------------------------------------------------------------- Php-Stats <= 0.1.9.1b admin 2 exec exploit by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org dork example: inurl:php-stats.js.php...
Claroline 1.7.4 - 'scormExport.inc.php' Remote Code Execution
#!/usr/bin/php -q -d short_open_tag=on works with register_globals = On & allow_url_fopen = On\r\n\r\n"; echo "dork: "Powered by Claroline" -demo\r\n\r\n"; if $argc5 echo "Usage: php ".$argv0." host path location OPTIONS\r\n"; echo "host: target server ip/hostname\r\n"; echo "path: path to...