Lucene search
K

432 matches found

CVE
CVE
added 2006/06/05 5:0 p.m.48 views

CVE-2006-2825

CVE-2006-2825 : cPanel does not automatically synchronize the PHP open_basedir configuration between the main server and virtual hosts that share physical directories. This may allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main-...

5.1CVSS6.2AI score0.01241EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2006/06/05 5:0 p.m.18 views

CVE-2006-2825

cPanel does not automatically synchronize the PHP openbasedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass openbasedir restrictions and access other virtual hosts via a PHP script that uses a main serve...

6.2AI score0.01241EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2006/05/13 12:0 a.m.43 views

SUSE-SA:2006:024: php4,php5

The remote host is missing the patch for the advisory SUSE-SA:2006:024 php4,php5. This update fixes the following security issues in the scripting languages PHP4 and PHP5: - copy and tempnam functions could bypass openbasedir restrictions CVE-2006-1494 - Cross-Site-Scripting XSS bug in phpinfo...

6.4CVSS8.2AI score0.20514EPSS
Exploits4
Prion
Prion
added 2006/04/10 7:2 p.m.23 views

Directory traversal

Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass openbasedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function...

2.6CVSS6.5AI score0.06241EPSS
Exploits1References27Affected Software1
UbuntuCve
UbuntuCve
added 2006/04/10 7:2 p.m.26 views

CVE-2006-1494

Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass openbasedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function...

2.6CVSS7.4AI score0.06241EPSS
Exploits1References2
NVD
NVD
added 2006/04/10 7:2 p.m.21 views

CVE-2006-1494

Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass openbasedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function...

2.6CVSS6.4AI score0.06241EPSS
Exploits1References27
Cvelist
Cvelist
added 2006/04/10 7:0 p.m.24 views

CVE-2006-1494

Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass openbasedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function...

6.4AI score0.06241EPSS
Exploits1References27
CVE
CVE
added 2006/04/10 7:0 p.m.94 views

CVE-2006-1494

CVE-2006-1494 is described in the initial entry as a directory traversal vulnerability in PHP 4.4.2 and 5.1.2, allowing local users to bypass open_basedir and create files in arbitrary directories via the tempnam function. Connected documents reference this CVE ID in scan data (e.g., Ubuntu USN-3...

2.6CVSS6.4AI score0.06241EPSS
Exploits1References27Affected Software1
securityvulns
securityvulns
added 2006/04/10 12:0 a.m.72 views

[Full-disclosure] tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2

Source: http://securityreason.com/achievementsecurityalert/36 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 tempnam openbasedir bypass PHP 4.4.2 and 5.1.2 Author: Maksymilian Arciemowicz cXIb8O3 Date: - -Written: 26.3.2006 - -Public: 8.4.2006 from SECURITYREASON.COM CVE-2006-1494 - ---...

2.6CVSS9.3AI score0.06241EPSS
Exploits1
Exploit DB
Exploit DB
added 2006/04/10 12:0 a.m.29 views

PHP 4.x - 'copy() Safe_Mode' Bypass

source: https://www.securityfocus.com/bid/17439/info PHP is prone to multiple 'safemode' and 'openbasedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations. These vulnerabilities would be an...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2006/04/10 12:0 a.m.94 views

PHP 4.x - 'tempnam() open_basedir' Restriction Bypass

source: https://www.securityfocus.com/bid/17439/info PHP is prone to multiple 'safemode' and 'openbasedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations. These vulnerabilities would be an...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2006/04/10 12:0 a.m.18 views

PHP 4.x - tempnam() open_basedir Restriction Bypass

PHP 4.x - tempnam openbasedir Restriction Bypass source: https://www.securityfocus.com/bid/17439/info PHP is prone to multiple 'safemode' and 'openbasedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to access sensitive information or to write files in...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2006/04/10 12:0 a.m.12 views

PHP 4.x - copy() Safe_Mode Bypass

PHP 4.x - copy SafeMode Bypass source: https://www.securityfocus.com/bid/17439/info PHP is prone to multiple 'safemode' and 'openbasedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations...

0.1AI score
Exploits0
myhack58
myhack58
added 2006/03/16 12:0 a.m.21 views

By the PHP imap function to bypass safe mode and open_basedir restrictions vulnerability thought-the vulnerability of early warning-the black bar safety net

Last night in the green League saw this vulnerability announcement, 2 on 2 8, released, is imapopen of the module exists on the vulnerability, a local attacker could use this vulnerability to unauthorized traversal of the mail directory, illegal create, delete, playback command file. The most...

7.5AI score
Exploits0
UbuntuCve
UbuntuCve
added 2006/03/07 12:2 a.m.35 views

CVE-2006-1017

The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the 1 safemode or 2 openbasedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imapopen function, allow remote attackers to obtain access to ...

9.3CVSS7.3AI score0.03032EPSS
Exploits0References1
Prion
Prion
added 2006/03/07 12:2 a.m.24 views

Design/Logic Flaw

The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the 1 safemode or 2 openbasedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imapopen function, allow remote attackers to obtain access to ...

9.3CVSS6.7AI score0.03032EPSS
Exploits0References12Affected Software1
securityvulns
securityvulns
added 2006/03/01 12:0 a.m.28 views

(PHP) imap functions bypass safemode and open_basedir restrictions

Vulnerability in c-client library tested with versions 2000,2001,2004, mailopen could be used to open stream to local files. For php and imap module imapopen allow to bypass safemode and openbasedir restrictions. Use imapbody or others to view a file and imaplist to recursively list a directory...

0.9AI score
Exploits0
Exploit DB
Exploit DB
added 2006/02/28 12:0 a.m.76 views

PHP 4.x/5.0/5.1 - 'mb_send_mail()' Restriction Bypass

source: https://www.securityfocus.com/bid/16878/info PHP is prone to multiple input-validation vulnerabilities that could allow 'safemode' and 'openbasedir' security settings to be bypassed. These issues reside in the 'mbsendmail' function, the 'mail' function, and various PHP IMAP functions...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2006/02/28 12:0 a.m.17 views

PHP 4.x5.05.1 with Sendmail Mail Function - additional_param Arbitrary File Creation

PHP 4.x5.05.1 with Sendmail Mail Function - additionalparam Arbitrary File Creation source: https://www.securityfocus.com/bid/16878/info PHP is prone to multiple input-validation vulnerabilities that could allow 'safemode' and 'openbasedir' security settings to be bypassed. These issues reside in...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2006/02/28 12:0 a.m.14 views

PHP 4.x5.05.1 - mb_send_mail() Restriction Bypass

PHP 4.x5.05.1 - mbsendmail Restriction Bypass source: https://www.securityfocus.com/bid/16878/info PHP is prone to multiple input-validation vulnerabilities that could allow 'safemode' and 'openbasedir' security settings to be bypassed. These issues reside in the 'mbsendmail' function, the 'mail'...

0.1AI score
Exploits0
Rows per page
Query Builder