EUVD-2006-5163

Malware in sbrugna...

Internet Bug Bounty: linkinfo - openbasedir bypass on Windows PHP

Upstream bug - windows linkinfo lacks openbasedir check === https://bugs.php.net/bug.php?id=76459 Summary == Description: ------------ linkinfo function on windows doesn't implement openbasedir check, it can be seen by reviewing the source code. This could be abused to find files on paths outside...

CVE-2006-5178

Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the openbasedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the openbasedir check and before the file is opened by the underlying system, as...

PHP 4.x tempnam() Function open_basedir Restriction Bypass

No description provided by source. source: http://www.securityfocus.com/bid/17439/info PHP is prone to multiple 'safemode' and 'openbasedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations...

Ubuntu: Security Advisory (USN-1042-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PHP tempname()函数绕过safe_mode安全限制漏洞

BUGTRAQ ID: 36555 CVE ID: CVE-2009-3557 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP的tempnam中的错误可能允许绕过safemode限制。以下是ext/standard/file.c中的有漏洞代码段： PHPFUNCTIONtempnam char dir, prefix; int dirlen, prefixlen; sizet plen; char openedpath; char p; int fd; if zendparseparametersZENDNUMARGS TSRMLSCC, "ss"...

PHP 5.3 - mail.log Configuration Option open_basedir Restriction Bypass

PHP 5.3 - mail.log Configuration Option openbasedir Restriction Bypass source: https://www.securityfocus.com/bid/36007/info PHP is prone to an 'openbasedir' restriction-bypass vulnerability because of a design error. Successful exploits could allow an attacker to write files in unauthorized...

Mandrake Security Advisory MDVSA-2009:023 (php)

The remote host is missing an update to php announced via advisory MDVSA-2009:023. OpenVAS Vulnerability Test $Id: mdksa2009023.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:023 php Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Mambo Component SimpleBoard 1.0.1 - Arbitrary File Upload

!/usr/bin/perl use warnings; use strict; use LWP::UserAgent; use HTTP::Request::Common; my $fname = rand99999 . ".php"; no int print ; print "\nEnter File Pathpath to local file to upload: "; chompmy $file=; my $ua = LWP::UserAgent-new; my $re = $ua-requestPOST...

Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : php5 vulnerabilities (USN-628-1)

It was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. An attacker could cause a denial of service in the PHP interpreter if a script passed untrusted input to the fnmatch function. CVE-2007-4782 Maksymilian Arciemowicz discovered a flaw in t...

CVE-2007-4825

Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass openbasedir restrictions and possibly execute arbitrary code via a .. dot dot in the dl function...

CVE-2007-4825

CVE-2007-4825 is a directory traversal vulnerability in PHP 5.2.4 and earlier that allows bypassing open_basedir restrictions and may enable arbitrary code execution via .. in the dl() function. The vulnerability is cited in multiple advisories (SUSE/CVE-2007-4825) and is reflected in an NVD entr...

Directory traversal

Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass openbasedir restrictions via unspecified vectors involving the glob function...

Confixx Pro <= 3.3.1 (saveserver.php) Remote File Inclusion Vulnerability

No description provided by source. Confixx = PRO 3.3.1 Remote File Inclusion Vulnerability ! Application homepage : http://www.swsoft.com/de/products/confixx/ ! Author : H4 / XPK ! Contact : http://xpkzxc.com/ ! Bug discovered : 2007-07-21 ! Bug published : 2007-07-24 ! Risk : Moderate Do not...

CVE-2007-3007

PHP 5 before 5.2.3 does not enforce the openbasedir or safemode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...

CVE-2007-3007

PHP 5 before 5.2.3 does not enforce the openbasedir or safemode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...

CVE-2007-3007

PHP 5 before 5.2.3 does not enforce the openbasedir or safemode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...

CVE-2007-1835

The CVE-2007-1835 issue affects PHP 4 before 4.4.5 and PHP 5 before 5.2.1. When session.save_path is empty, PHP uses the TMPDIR default after performing restrictions, which can allow local users to bypass open_basedir protections. The description explicitly ties the bypass to temporary directory ...

CVE-2006-5178

Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the openbasedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the openbasedir check and before the file is opened by the underlying system, as...

CVE-2006-5178

CVE-2006-5178 is a race-condition vulnerability in the PHP 5.1.6 open_basedir path checks, caused by the symlink function. An attacker local to the system can exploit a sequence of symlink, mkdir, and unlink calls to alter the target path after the open_basedir check but before the file is opened...