CVE-2007-3378

CVE-2007-3378 affects PHP 4.4.7 and earlier and PHP 5.2.3 and earlier, when processed via .htaccess. The vulnerability allows remote attackers to bypass safe_mode and open_basedir restrictions and potentially execute arbitrary commands via directives like php_value/php_flag in .htaccess. Connecte...

PHP .Htaccess Safe_Mode和Open_Basedir限制绕过漏洞

BUGTRAQ ID: 24661 CVE ID:CVE-2007-3378 CNCVE ID:CNCVE-20073378 PHP是一款广泛使用的WEB开发脚本语言。 PHP存在'safemode'和'openbasedir'限制绕过问题，远程攻击者可以利用漏洞写文件到未授权系统位置。 当使用PHP作为Apache模块，可以通过在.htaccess文件中使用指示进行培植二十时亿兆时毫...

[Full-disclosure] PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Vulnerability

Source: http://securityreason.com/achievementsecurityalert/45 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.3 PHP 4.4.7, htaccess safemode and openbasedir Bypass Vulnerability Author: Maksymilian Arciemowicz cXIb8O3 SecurityReason Date: - - Written: 10.02.2007 - - Public: 27.06.2007...

CVE-2007-3007

PHP 5 before 5.2.3 does not enforce the openbasedir or safemode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...

CVE-2007-3007

PHP 5 before 5.2.3 does not enforce the openbasedir or safemode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...

Design/Logic Flaw

PHP 5 before 5.2.3 does not enforce the openbasedir or safemode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...

CVE-2007-3007

PHP 5 before 5.2.3 does not enforce the openbasedir or safemode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...

PHP realpath()函数绕过safe_mode及open_basedir安全限制漏洞

PHP是一种流行的WEB服务器端编程语言。 PHP的realpath函数实现上存在漏洞，远程攻击者可能利用此漏洞绕过某些安全限制。 PHP的fileexists函数不允许检查是否存在openbasedir指定目录之外的文件，但readfile没有这个限制，允许检查文件系统的任意位置是否存在某一文件。如果realpath$filename返回了字符串（也就是非false），就表示文件存在，这就导致绕过了openbasedir限制。 PHP PHP 5.2.3 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.php.net/downloads.php...

PHP < 5.2.3 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is older than 5.2.3. It is, therefore, affected by multiple vulnerabilities: - A buffer overflow in the sqlitedecodefunction in the bundled sqlite library could allow context-dependent attackers to execute arbitrary code...

CVE-2006-7204

The imapbody function in PHP before 4.4.4 does not implement safemode or openbasedir checks, which allows local users to read arbitrary files or list arbitrary directory contents...

CVE-2006-7204

The imapbody function in PHP before 4.4.4 does not implement safemode or openbasedir checks, which allows local users to read arbitrary files or list arbitrary directory contents...

CVE-2006-7204

The imapbody function in PHP before 4.4.4 does not implement safemode or openbasedir checks, which allows local users to read arbitrary files or list arbitrary directory contents...

php -- multiple vulnerabilities

The PHP development team reports: Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7: Fixed CVE-2007-1001, GD wbmp used with invalid image size Fixed asciiz byte truncation inside mail Fixed a bug in mbparsestr that can be used to activate registerglobals Fixed unallocated memory...

CVE-2007-1835

PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path session.savepath, uses the TMPDIR default after checking the restrictions, which allows local users to bypass openbasedir restrictions...

CVE-2007-1835

PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path session.savepath, uses the TMPDIR default after checking the restrictions, which allows local users to bypass openbasedir restrictions...

Design/Logic Flaw

PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path session.savepath, uses the TMPDIR default after checking the restrictions, which allows local users to bypass openbasedir restrictions...

CVE-2007-1835

PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path session.savepath, uses the TMPDIR default after checking the restrictions, which allows local users to bypass openbasedir restrictions...

CVE-2007-1835

The CVE-2007-1835 issue affects PHP 4 before 4.4.5 and PHP 5 before 5.2.1. When session.save_path is empty, PHP uses the TMPDIR default after performing restrictions, which can allow local users to bypass open_basedir protections. The description explicitly ties the bypass to temporary directory ...

PHP < 4.4.5 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is older than 4.4.5. Such versions may be affected by several issues, including buffer overflows, format string vulnerabilities, arbitrary code execution, 'safemode' and 'openbasedir' bypasses, and clobbering of super-global...

PHP 5.2.1 - Session.Save_Path() TMPDIR open_basedir Restriction Bypass

PHP 5.2.1 - Session.SavePath TMPDIR openbasedir Restriction Bypass source: https://www.securityfocus.com/bid/23183/info PHP is prone to a 'openbasedir' restriction-bypass vulnerability due to a design error. Successful exploits could allow an attacker to access sensitive information or to write...