
432 matches found

Prion
added 2019/01/10 8:29 a.m. | 11 views

Code injection

php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set...

CVSS 4.3 | AI score 5.6 | EPSS 0.01275
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2019/01/10 8:29 a.m. | 18 views

CVE-2019-5884

php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set...

CVSS 5.9 | AI score 6.6
Exploits: 0 | References: 2

CVE
added 2019/01/10 6:00 a.m. | 58 views

CVE-2019-5884

The CVE-2019-5884 entry concerns information disclosure in the elFinder project. It affects elFinder versions up to and including 2.1.44 (before 2.1.45), where PHP’s curl extension, combined with unsafe PHP configurations (safe_mode or open_basedir not set), can leak information. Root cause is ti...

CVSS 5.9 | AI score 5.5 | EPSS 0.01275
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2019/01/03 12:00 a.m. | 31 views

Fedora 28 : php-symfony (2018-eba0006df2)

Version 2.8.41 2018-05-25 - bug 27359 HttpFoundation Fix perf issue during MimeTypeGuesser initialization nicolas-grekas - security cve-2018-11408 SecurityBundle Fail if security.http_utils cannot be configured - security cve-2018-11406 clear CSRF tokens when the user is logged out - security...

CVSS 8.8 | AI score 6.8 | EPSS 0.02014
Exploits: 0 | References: 5

UbuntuCve
added 2018/08/07 3:29 p.m. | 35 views

CVE-2018-15132

An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories...

CVSS 7.5 | AI score 7.1 | EPSS 0.04592
Exploits: 1 | References: 5

Prion
added 2018/08/07 3:29 p.m. | 35 views

Design/Logic Flaw

An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories...

CVSS 5 | AI score 7.4 | EPSS 0.04592
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2018/08/07 3:29 p.m. | 34 views

CVE-2018-15132

An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories...

CVSS 7.5 | AI score 7.5 | EPSS 0.04592
Exploits: 1 | References: 6

OSV
added 2018/08/07 3:29 p.m. | 35 views

CVE-2018-15132

An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories...

CVSS 7.5 | AI score 6.6
Exploits: 0 | References: 6

Cvelist
added 2018/08/07 3:00 p.m. | 34 views

CVE-2018-15132

An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories...

AI score 7.5 | EPSS 0.04592
Exploits: 1 | References: 6

Debian CVE
added 2018/08/07 3:00 p.m. | 34 views

CVE-2018-15132

Removed by vendor...

CVSS 7.5 | AI score 7.7 | EPSS 0.04592
Exploits: 1

AlpineLinux
added 2018/08/07 3:00 p.m. | 52 views

CVE-2018-15132

An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories...

CVSS 7.5 | AI score 7.5 | EPSS 0.04592
Exploits: 1

Hacker One
added 2018/07/20 6:31 p.m. | 44 views

Internet Bug Bounty: linkinfo - open_basedir bypass on Windows PHP

Upstream bug - windows linkinfo lacks open_basedir check === https://bugs.php.net/bug.php?id=76459 Summary == Description: ------------ linkinfo function on windows doesn't implement open_basedir check, it can be seen by reviewing the source code. This could be abused to find files on paths outside...

AI score 6.8
Exploits: 0

Tenable Nessus
added 2018/06/25 12:00 a.m. | 63 views

FreeBSD : phpmyadmin -- remote code inclusion and XSS scripting (17cb6ff3-7670-11e8-8854-6805ca0b3d42)

The phpMyAdmin development team reports : Summary XSS in Designer feature Description A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially crafted database name. Severity We consider this attack to be of...

CVSS 8.8 | AI score 7.4 | EPSS 0.98391
Exploits: 20 | References: 5

0day.today
added 2017/01/11 12:00 a.m. | 104 views

PHP 7.1.0 and prior open_basedir bypass through glob wrapper Vulnerability

Exploit for php platform in category local exploits ./php -v PHP 7.1.0 cli built: Dec 23 2016 16:08:30 NTS DEBUG Copyright c 1997-2016 The PHP Group Zend Engine v3.1.0-dev, Copyright c 1998-2016 Zend Technologies Test script: --------------- ?php if $dh = opendir$argv1 while $file = readdir$dh !=...

AI score 6.8
Exploits: 0

NVD
added 2016/09/12 1:59 a.m. | 21 views

CVE-2016-7133

Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname...

CVSS 8.1 | AI score 8.6 | EPSS 0.04052
Exploits: 1 | References: 6

Prion
added 2016/09/12 1:59 a.m. | 24 views

Integer overflow

Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname...

CVSS 6.8 | AI score 7.9 | EPSS 0.04052
Exploits: 1 | References: 6 | Affected Software: 1

Cvelist
added 2016/09/12 1:00 a.m. | 29 views

CVE-2016-7133

Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname...

AI score 8.9 | EPSS 0.04052
Exploits: 1 | References: 6

CVE
added 2016/09/12 1:00 a.m. | 89 views

CVE-2016-7133

CVE-2016-7133 affects PHP 7.x prior to 7.0.10. Zend/zend_alloc.c mishandles huge reallocs when open_basedir is enabled, causing an integer overflow that can lead to denial of service and possibly other impacts via a long pathname. Public advisories (SUSE Security Update SUSE-SU-2016:2460-1 and re...

CVSS 8.1 | AI score 8.8 | EPSS 0.04052
Exploits: 1 | References: 6 | Affected Software: 1

OpenVAS
added 2016/09/12 12:00 a.m. | 25 views

PHP 7.x < 7.0.10 Multiple Vulnerabilities (Sep 2016) - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

CVSS 9.8 | AI score 9.6 | EPSS 0.04755
Exploits: 1 | References: 3

OpenVAS
added 2016/09/12 12:00 a.m. | 37 views

PHP 7.x < 7.0.10 Multiple Vulnerabilities (Sep 2016) - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

CVSS 9.8 | AI score 9.6 | EPSS 0.04755
Exploits: 1 | References: 3