
432 matches found

CVE
added 2009/08/18 10:0 a.m. | 65 views

CVE-2008-7002

CVE-2008-7002 : PHP 5.2.5 may bypass open_basedir and safe_mode_exec_dir restrictions for functions such as exec, system, shell_exec, passthru, and popen, potentially allowing a local user to run programs outside the intended directory (e.g., via pathnames like C:). The connected sources reiterat...

CVSS 7.2 | AI score 6.6 | EPSS 0.00832
Exploits: 1 | References: 2 | Affected Software: 1

Packet Storm
added 2009/08/11 12:0 a.m. | 35 views

PHP 5.3.0 open_basedir Bypass

PHP 5.3.0 main.c open_basedir bypass. Author: Maksymilian Arciemowicz, http://SecurityReason.com. Date: Dis.: 26.05.2009, Pub.: 06.08.2009. Risk: Medium. Affected Software: PHP 5.3.0. Original URL:...

AI score 0.1
Exploits: 0

exploitpack
added 2009/08/10 12:0 a.m. | 15 views

PHP 5.3 - mail.log Configuration Option open_basedir Restriction Bypass

PHP 5.3 - mail.log Configuration Option open_basedir Restriction Bypass. source: https://www.securityfocus.com/bid/36007/info PHP is prone to an 'open_basedir' restriction-bypass vulnerability because of a design error. Successful exploits could allow an attacker to write files in unauthorized...

AI score 0.1
Exploits: 0

Exploit DB
added 2009/08/10 12:0 a.m. | 35 views

PHP 5.3 - 'mail.log' Configuration Option 'open_basedir' Restriction Bypass

source: https://www.securityfocus.com/bid/36007/info PHP is prone to an 'open_basedir' restriction-bypass vulnerability because of a design error. Successful exploits could allow an attacker to write files in unauthorized locations. This vulnerability would be an issue in shared-hosting...

AI score 7.4
Exploits: 0

OpenVAS
added 2009/04/16 12:0 a.m. | 13 views

PHP 5.2.9 Restriction Bypass Vulnerability

PHP is prone to a safe_mode and open_basedir restriction bypass vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score 7
Exploits: 0 | References: 1

seebug.org
added 2009/04/13 12:0 a.m. | 17 views

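PHP cURL safe_mode and open_basedir Security Restriction Bypass Vulnerability

BUGTRAQ ID: 34475 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. PHP supports the libcurl library, which lets users connect to different types of servers using a variety of protocols. The curl functions contain a flaw in how they check the safe_mode and open_basedir restrictions, which may allow a user to bypass the security restrictions and perform unauthorized operations. For example, for the following code: curl_setopt($ch, CURLOPT_URL, "file:file:////etc/passwd"); curl first checks safe_mode and open_basedir against: "file:////etc/passwd" and then reads:...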

AI score 6.9
Exploits: 0

Exploit DB
added 2009/04/10 12:0 a.m. | 44 views

PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass

source: https://www.securityfocus.com/bid/34475/info PHP is prone to a 'safe_mode' and 'open_basedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access files in unauthorized locations. This vulnerability would be an issue in shared-hosting configurations where...

AI score 7.4
Exploits: 0

OpenVAS
added 2009/04/09 12:0 a.m. | 38 views

Mandriva Update for php MDKSA-2007:038 (php)

Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDKSA-2007:038 php Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

CVSS 7.5 | EPSS 0.11694
Exploits: 1 | References: 2

OpenVAS
added 2009/03/07 12:0 a.m. | 50 views

Mandrake Security Advisory MDVSA-2009:065 (php4)

The remote host is missing an update to php4 announced via advisory MDVSA-2009:065. OpenVAS Vulnerability Test $Id: mdksa2009065.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:065 php4 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

CVSS 10 | AI score 0.9 | EPSS 0.07371
Exploits: 6

OpenVAS
added 2009/01/26 12:0 a.m. | 47 views

Mandrake Security Advisory MDVSA-2009:023 (php)

The remote host is missing an update to php announced via advisory MDVSA-2009:023. OpenVAS Vulnerability Test $Id: mdksa2009023.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:023 php Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

CVSS 10 | AI score 1.4 | EPSS 0.08845
Exploits: 18

seebug.org
added 2008/10/30 12:0 a.m. | 107 views

Mambo Component SimpleBoard <= 1.0.1 Arbitrary File Upload Exploit

No description provided by source. !/usr/bin/perl use warnings; use strict; use LWP::UserAgent; use HTTP::Request::Common; my $fname = rand99999 . ".php"; no int print INTRO; - SimpleBoard Mambo Component = 1.0.1 - - Remote Arbitrary File Upload Exploit - Discovered && Coded by: t0pP8uZz Discover...

AI score 7.1
Exploits: 0

Exploit DB
added 2008/10/29 12:0 a.m. | 108 views

Mambo Component SimpleBoard 1.0.1 - Arbitrary File Upload

!/usr/bin/perl use warnings; use strict; use LWP::UserAgent; use HTTP::Request::Common; my $fname = rand99999 . ".php"; no int print ; print "\nEnter File Pathpath to local file to upload: "; chompmy $file=; my $ua = LWP::UserAgent-new; my $re = $ua-requestPOST...

AI score 7
Exploits: 0

seebug.org
added 2008/09/11 12:0 a.m. | 14 views

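PHP Multiple Functions 'safe_mode_exec_dir' and 'open_basedir' Restriction Bypass Vulnerability

BUGTRAQ ID: 31064 CNCAN ID:CNCAN-2008090906 PHP is a popular web programming language. PHP 5.2.5 has a 'safe_mode_exec_dir' and 'open_basedir' restriction bypass issue that a local attacker can exploit to execute arbitrary PHP code with the privileges of the application. When the functions "exec", "system", "shell_exec", "passthru" and "popen" are called locally, PHP does not perform proper checks, which can lead to a bypass of the "open_basedir" and "safe_mode_exec_dir" restrictions. PHP 5.2.5 No solution is currently available: http://www.php.net/ ?php...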

AI score 6.9
Exploits: 0

exploitpack
added 2008/09/08 12:0 a.m. | 9 views

PHP 5.2.5 - Multiple functions safe_mode_exec_dir open_basedir Restriction Bypass Vulnerabilities

PHP 5.2.5 - Multiple functions safe_mode_exec_dir open_basedir Restriction Bypass Vulnerabilities. source: https://www.securityfocus.com/bid/31064/info PHP is prone to 'safe_mode_exec_dir' and 'open_basedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to execute arbitra...

AI score 0.6
Exploits: 0

Exploit DB
added 2008/09/08 12:0 a.m. | 26 views

PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' / 'open_basedir' Restriction Bypass Vulnerabilities

source: https://www.securityfocus.com/bid/31064/info PHP is prone to 'safe_mode_exec_dir' and 'open_basedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to execute arbitrary code. These vulnerabilities would be an issue in shared-hosting configurations where multip...

AI score 7
Exploits: 0

Tenable Nessus
added 2008/08/11 12:0 a.m. | 28 views

PHP 4.x < 4.4.9 Multiple Vulnerabilities

Binary data 4620.prm...

CVSS 10 | AI score 7.3 | EPSS 0.06847
Exploits: 7 | References: 11

Tenable Nessus
added 2008/08/08 12:0 a.m. | 85 views

PHP < 4.4.9 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is older than 4.4.9. Such versions may be affected by several security issues : - There are unspecified issues in the bundled PCRE library fixed by version 7.7. - A buffer overflow in the 'imageloadfont' function in...

CVSS 7.5 | AI score 7.5 | EPSS 0.06847
Exploits: 6 | References: 9

Tenable Nessus
added 2008/07/24 12:0 a.m. | 52 views

Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : php5 vulnerabilities (USN-628-1)

It was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. An attacker could cause a denial of service in the PHP interpreter if a script passed untrusted input to the fnmatch function. CVE-2007-4782 Maksymilian Arciemowicz discovered a flaw in t...

CVSS 10 | AI score 8.8 | EPSS 0.10918
Exploits: 14 | References: 13

Ubuntu
added 2008/07/23 7:8 p.m. | 92 views

USN-628-1: PHP vulnerabilities

It was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. An attacker could cause a denial of service in the PHP interpreter if a script passed untrusted input to the fnmatch function. CVE-2007-4782 Maksymilian Arciemowicz discovered a flaw in t...

CVSS 10 | AI score 8.8 | EPSS 0.10918
Exploits: 14

Packet Storm
added 2008/03/12 12:0 a.m. | 34 views

vhcs-root.txt

!/usr/bin/php -q http://acid-root.new.fr/ [email protected] Exploit: + Logged in Administrator + The administrator has 2 resellers / Changing dareseller's password / Trying to connect as dareseller:thatpwnz + Login successful + The reseller has 2 users + Host domaintest.fr is connected /...

AI score 7.4
Exploits: 0