CVE-2007-1460

The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or openbasedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories...

CVE-2007-1460

CVE-2007-1460 affects the PHP zip extension’s zip:// wrapper prior to PHP 4.4.7 and before 5.2.2 (including 5.2.0/5.2.1). The issue: safemode and open_basedir checks are not applied by the wrapper, allowing remote attackers to read ZIP archives located outside the intended directories. Impact per...

Buffer overflow

Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safemode and openbasedir are disabled; other settings require leverage for other vulnerabilities...

CVE-2007-1370

Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safemode and openbasedir are disabled; other settings require leverage for other vulnerabilities...

CVE-2007-1370

CVE-2007-1370 affects Zend Platform 2.2.3 and earlier, where incorrect file ownership (notably for scd.sh and related files) permits local users to gain root privileges by modifying those files. The issue occurs when safe_mode and open_basedir are disabled; other configurations may require differ...

Zend Platform不安全文件访问权限漏洞

Zend Platform是企业级PHP应用的运行时平台环境。 Zend Platform的文件安装存在权限配置错误，本地攻击者可能利用此漏洞获取权限提升。 Zend Platform所安装的一些二进制程序和SHELL脚本没有设置安全的文件访问权限，导致Web服务器用户或安装Zend Platform的用户帐号错误地拥有了某些文件。如果入侵了Web服务器或安装Zend Platform的用户帐号的话，攻击者就可以通过替换或编辑文件获得权限提升，在下一次服务器重启时以root用户权限执行文件。 Zend Platform = 2.2.3 ----...

FreeBSD : php -- multiple vulnerabilities (7fcf1727-be71-11db-b2ec-000c6ec775d9)

Multiple vulnerabilities have been found in PHP, including : buffer overflows, stack overflows, format string, and information disclosure vulnerabilities. The session extension contained safemode and openbasedir bypasses, but the FreeBSD Security Officer does not consider these real security...

Mandrake Linux Security Advisory : php (MDKSA-2006:185)

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safemode and openbasedir, via the inirestore function, which resets the values to their php.ini Master Value defaults. CVE-2006-4625 A race condition in the symlink functi...

Mandrake Linux Security Advisory : php (MDKSA-2006:196)

The Hardened-PHP Project discovered buffer overflows in htmlentities/htmlspecialchars internal routines to the PHP Project. The purpose of these functions is to be filled with user input. The overflow can only be when UTF-8 is used CVE-2006-5465 Unspecified vulnerabilities in PHP, probably before...

CVE-2007-0905

PHP before 5.2.1 allows attackers to bypass safemode and openbasedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383...

CVE-2007-0905

CVE-2007-0905 is described by Red Hat as a PHP vulnerability where PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. The description notes this may be a duplicate of CVE-2006-6383. The issue affects PHP prior to 5...

php -- multiple vulnerabilities

Multiple vulnerabilities have been found in PHP, including: buffer overflows, stack overflows, format string, and information disclosure vulnerabilities. The session extension contained safemode and openbasedir bypasses, but the FreeBSD Security Officer does not consider these real security...

PHP Session.Save_Path() Safe_Mode和Open_Basedir限制绕过漏洞

PHP是一款流行的网络编程语言。 PHP在处理会话信息的功能函数实现上存在漏洞，远程攻击者可能利用漏洞获得敏感信息或向非授权位置写入文件。 session.savepath可以设置在iniset, sessionsavepath函数中，在session.savepath必须包含保存tmp文件路径的数据，但session.savepath的语法为： /PATH 或者 N;/PATH N是字符串。 如： 1. sessionsavepath"/DIR/WHERE/YOU/HAVE/ACCESS" 2. sessionsavepath"5;/DIR/WHERE/YOU/HAVE/ACCESS"...

CVE-2006-6383

CVE-2006-6383 affects PHP 5.2.0 and 4.4. It allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, causing PHP to validate the allowed path but set session.save_path to th...

PHP 5.2.0 session.save_path safe_mode and open_basedir bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.0 session.savepath safemode and openbasedir bypass Author: Maksymilian Arciemowicz SecurityReason Date: - - Written: 02.10.2006 - - Public: 08.12.2006 SecurityAlert Id: 43 CVE: CVE-2006-6383 SecurityRisk: High Affected Software: PHP 5.2.0...

PHP 5.2 - Session.Save_Path() 'Safe_mode' / 'open_basedir' Restriction Bypass

source: https://www.securityfocus.com/bid/21508/info PHP is prone to a 'safemode' and 'openbasedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations. This vulnerability would be an issue in...

PHP多个安全漏洞.

PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP中存在多个安全漏洞，具体如下： 1 fileexists、imapopen和imapreopen函数中缺少safemode和openbasedir验证； 2 在64位系统上strrepeat和wordwrap函数存在边界错误； 3 可通过cURL扩展和realpath缓存绕过openbasedir和safemode保护机制； 4 GD扩展处理畸形GIF图形时存在边界条件错误； 5 stripos函数中的错误可能导致界外内存读取； 6 64位系统上存在错误的memorylimit限制。...

CVE-2006-5706

Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass openbasedir restrictions and perform unspecified actions via unspecified vectors involving the 1 chdir and 2 tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494...

CVE-2006-5706

Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass openbasedir restrictions and perform unspecified actions via unspecified vectors involving the 1 chdir and 2 tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494...

CVE-2006-5706

CVE-2006-5706 is a PHP vulnerability (likely before 5.2.0) allowing local users to bypass open_basedir restrictions through the chdir and tempnam functions. The issue is described as unspecified vectors, with the tempnam vector potentially overlapping CVE-2006-1494. Connected documents corroborat...