phpBypass.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.1.6 / 4.4.4 Critical phpadmin bypass by inirestore Author: Maksymilian Arciemowicz cXIb8O3 Date: - - Written: 05.09.2006 - - Public: 09.09.2006 SecurityAlert Id: 42 CVE: CVE-2006-4625 SecurityRisk: High Affected Software: PHP 5.1.6 / 4.4.4 = x...

CVE-2006-4625

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safemode and openbasedir, via the inirestore function, which resets the values to their php.ini Master Value defaults...

PHP 3 < 5 - Ini_Restore() 'Safe_mode' / 'open_basedir' Restriction Bypass

source: https://www.securityfocus.com/bid/19933/info PHP is prone to a 'safemode' and 'openbasedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations. This vulnerability would be an issue in...

[Full-disclosure] [ MDKSA-2006:162 ] - Updated php packages fix vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2006:162 http://www.mandriva.com/security/ Package : php Date : September 7, 2006 Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0 Problem Description: The 1 fileexists and 2 imapreopen functions in PH...

USN-342-1: PHP vulnerabilities

The sscanf function did not properly check array boundaries. In applications which use sscanf with argument swapping, a remote attacker could potentially exploit this to crash the affected web application or even execute arbitrary code with the application's privileges. CVE-2006-4020 The fileexis...

CVE-2006-4483

The cURL extension files 1 ext/curl/interface.c and 2 ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPTFOLLOWLOCATION option when openbasedir or safemode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache...

CVE-2006-4481

The 1 fileexists and 2 imapreopen functions in PHP before 5.1.5 do not check for the safemode and openbasedir settings, which allows local users to bypass the settings. NOTE: the errorlog function is covered by CVE-2006-3011, and the imapopen function is covered by CVE-2006-1017...

CVE-2006-4481

CVE-2006-4481 affects PHP prior to 5.1.5. The vulnerability lies in the file_exists and imap_reopen functions not enforcing safe_mode or open_basedir, enabling local bypass of these restrictions. Exploitation details are not provided in the supplied documents. Affected component: PHP core (file_e...

CVE-2006-4483

CVE-2006-4483 affects PHP 5.1.x before 5.1.5, specifically the curl extension files ext/curl/interface.c and ext/curl/streams.c. When open_basedir or safe_mode are enabled, CURLOPT_FOLLOWLOCATION is permitted, which can enable unauthorized actions and may relate to the realpath cache. Public advi...

[slackware-security] php

New php packages are available for Slackware 10.2 and -current to fix security and other issues. More details about these issues may be found on the PHP website: http://www.php.net Here are the details from the Slackware 10.2 ChangeLog: patches/packages/php-4.4.4-i486-1slack10.2.tgz: Upgraded to...

PHP 4.4.4 and PHP 5.1.5 Released

PHP 4.4.4 and PHP 5.1.5 Released 17-Aug-2006 The PHP development team would like to announce the immediate availability of PHP 5.1.5 and 4.4.4. These two releases address a series of security problems that were discovered since the release of PHP 5.1.4 and 4.4.3. The new releases include the...

RHEL 2.1 : php (RHSA-2006:0567)

Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1 This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. ...

security flaw

Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass openbasedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function...

Moderate: Red Hat Security Advisory: php security update

Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1 This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. ...

USN-320-1: PHP vulnerabilities

The phpinfo PHP function did not properly sanitize long strings. A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo. Please note that it is not recommended to publicly expose phpinfo. CVE-2006-0996 An...

CVE-2006-3011

The errorlog function in basicfunctions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and openbasedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode...

CVE-2006-3011

CVE-2006-3011 affects PHP up to 4.4.4 and 5.x up to 5.1.5, where error_log() can bypass safe_mode/open_basedir via a php:// scheme in the third argument. The SUSE Red Hat NVD entries confirm the safe_mode/open_basedir bypass in local contexts and identify error_log as the related vector. Ubuntu U...

Design/Logic Flaw

cPanel does not automatically synchronize the PHP openbasedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass openbasedir restrictions and access other virtual hosts via a PHP script that uses a main serve...

CVE-2006-2825

cPanel does not automatically synchronize the PHP openbasedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass openbasedir restrictions and access other virtual hosts via a PHP script that uses a main serve...

CVE-2006-2825

cPanel does not automatically synchronize the PHP openbasedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass openbasedir restrictions and access other virtual hosts via a PHP script that uses a main serve...