
432 matches found

seebug.org
added 2014/07/01 12:00 a.m., 15 views

PHP 3-5 Ini_Restore() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19933/info PHP is prone to a 'safe_mode' and 'open_basedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations. This...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 17 views

PHP 3.0.x/4.x Move_Uploaded_File Open_Basedir Circumvention Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4325/info PHP is a server side scripting language, designed to be embedded within HTML files. It is available for Windows, Linux, and many Unix based operating systems. It is commonly used for web development, and is very...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2014/04/01 12:00 a.m., 291 views

PHP PHP_RSHUTDOWN_FUNCTION Security Bypass

According to its banner, the version of PHP 5.x installed on the remote host is 5.x prior to 5.3.11 or 5.4.x prior to 5.4.1 and thus, is potentially affected by a security bypass vulnerability. An error exists related to the function 'PHP_RSHUTDOWN_FUNCTION' in the libxml extension and the...

CVSS 5, AI score 8.3, EPSS 0.02812
Exploits: 1, References: 3

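seebug.org
added 2014/02/21 12:00 a.m., 142 views

PHP libxml RSHUTDOWN Security Restriction Bypass Vulnerability (CVE-2012-1171)

BUGTRAQ ID: 65673 CVE(CAN) ID: CVE-2012-1171 PHP is an HTML-embedded language. The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to call the stream_close method while a custom stream wrapper is in use, bypassing the open_basedir protection mechanism and reading sensitive files. 0 PHP PHP 5.5.x Vendor patch: PHP --- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page: http://www.php.net/downloads.php...

CVSS 5, AI score 1.1, EPSS 0.02812
Exploits: 1
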
OpenVAS
added 2014/02/19 12:00 a.m., 31 views

PHP 'open_basedir' Security Bypass Vulnerability

PHP is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...

CVSS 5, AI score 9.1, EPSS 0.02812
Exploits: 1, References: 1

NVD
added 2014/02/15 2:57 p.m., 26 views

CVE-2012-1171

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper...

CVSS 5, AI score 6.6, EPSS 0.02812
Exploits: 1, References: 4

UbuntuCve
added 2014/02/15 2:57 p.m., 21 views

CVE-2012-1171

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper...

CVSS 5, AI score 7.3, EPSS 0.02812
Exploits: 1, References: 2

Prion
added 2014/02/15 2:57 p.m., 15 views

Design/Logic Flaw

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper...

CVSS 5, AI score 9.2, EPSS 0.02812
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2014/02/15 11:00 a.m., 23 views

CVE-2012-1171

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper...

AI score 9.3, EPSS 0.02812
Exploits: 1, References: 4

CVE
added 2014/02/15 11:00 a.m., 258 views

CVE-2012-1171

CVE-2012-1171 affects PHP 5.x via the libxml RSHUTDOWN function, enabling a remote attacker to bypass open_basedir protections and read arbitrary files when a custom stream wrapper is in use. The issue is triggered by a stream_close call during wrapper usage, which bypasses the intended directory...

CVSS 5, AI score 6.7, EPSS 0.02812
Exploits: 1, References: 4, Affected Software: 1

Tenable Nessus
added 2013/08/20 12:00 a.m., 35 views

PHP 5.4.x < 5.4.1 Multiple Vulnerabilities

Binary data 6994.prm...

CVSS 5.8, AI score 9.8, EPSS 0.06365
Exploits: 4, References: 7

Tenable Nessus
added 2013/08/20 12:00 a.m., 31 views

PHP < 5.3.11 Multiple Vulnerabilities

Binary data 6995.prm...

CVSS 6.8, AI score 9.9, EPSS 0.10173
Exploits: 4, References: 9

NVD
added 2013/03/06 1:10 p.m., 14 views

CVE-2013-1635

ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an...

CVSS 7.5, AI score 6.7, EPSS 0.09747
Exploits: 0, References: 13

UbuntuCve
added 2013/03/06 1:10 p.m., 26 views

CVE-2013-1635

ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an...

CVSS 7.5, AI score 7.3, EPSS 0.09747
Exploits: 0, References: 2

Tenable Nessus
added 2013/03/06 12:00 a.m., 40 views

Debian DSA-2639-1 : php5 - several vulnerabilities

Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2013-1635 If a PHP application accepted untrusted SOAP object input remotely from clients, an attacker could read system files...

CVSS 7.5, AI score 8.3, EPSS 0.10136
Exploits: 0, References: 7

Debian
added 2013/03/05 5:22 p.m., 30 views

[SECURITY] [DSA 2639-1] php5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2639-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 05, 2013 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 6.7, EPSS 0.10136
Exploits: 0

OpenVAS
added 2013/03/05 12:00 a.m., 46 views

Debian Security Advisory DSA 2639-1 (php5 - several vulnerabilities)

Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-1635 If a PHP application accepted untrusted SOAP object input remotely from clients, an attacker could read system files...

CVSS 7.5, AI score 0.3, EPSS 0.10136
Exploits: 0, References: 1

OpenVAS
added 2013/03/04 12:00 a.m., 24 views

Debian: Security Advisory (DSA-2639-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6.7, EPSS 0.10136
Exploits: 1, References: 3

OpenVAS
added 2013/03/01 12:00 a.m., 45 views

PHP < 5.3.15 Security Bypass Vulnerability - Windows

PHP is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

CVSS 5, AI score 9.3, EPSS 0.02978
Exploits: 1, References: 4

Positive Technologies
added 2013/02/07 12:00 a.m., 10 views

PT-2013-12: open_basedir bypass in PHP

The specialists of Positive Technologies have detected bypass of the configuration directive "open_basedir" in PHP. The vulnerability was detected in the PHP's built-in SoapClient class. PHP does not validate the configuration directive "soap.wsdl_cache_dir" before writing SOAP wsdl cache files to th...

CVSS 7.5, AI score 8.1, EPSS 0.09747
Exploits: 0, References: 3