EUVD-2007-6527

Malware in sbrugna...

PHP 5.3.0 - pdflib Arbitrary File Write

No description provided by source. Description: ------------ Via this bug , attacker can save a file in path that not allowed in openbasedir . Reproduce code: --------------- ?php // Author : Sina Yazdanmehr R3d.W0rm ; Our Site : http://IrCrash.com if!extensionloaded'pdf' die'pdf extension requir...

PDFlib 7.0.2 Multiple Remote Buffer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/27001/info PDFlib is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. Attackers can exploit these issues to execute arbitrary code in the conte...

Php pdflib扩展绕过open_basedir安全限制漏洞

BUGTRAQ ID: 36951 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP所使用的PDFLib扩展没有正确的强制基础PHP配置指令，这允许攻击者绕过openbasedir限制在非授权位置写入文件。 仅在多个用户可以创建和执行任意PHP脚本代码的共享托管配置中才会出现这个漏洞。在这种情况下，openbasedir限制应彼此隔离用户。 PHP 5.3.0 厂商补丁： PHP --- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.php.net...

Php 5.3.0 pdflib extension open_basedir bypass

Description: ------------ Via this bug , attacker can save a file in path that not allowed in openbasedir . Reproduce code: --------------- ?php // Author : Sina Yazdanmehr R3d.W0rm ; Our Site : http://IrCrash.com if!extensionloaded'pdf' die'pdf extension required .'; else $PATH = $GET'p'; /The...

PHP pdflib extension protection bypass

pdfopenfile function doesn't check file path to match openbasedir...

Php 5.3.0 pdflib extension open_basedir bypass

No description provided by source. Description: ------------ Via this bug , attacker can save a file in path that not allowed in openbasedir . Reproduce code: --------------- ?php // Author : Sina Yazdanmehr R3d.W0rm ; Our Site : http://IrCrash.com if!extensionloaded'pdf' die'pdf extension requir...

PHP 5.3.0 pdflib Arbitrary File Write

No description provided by source. Description: ------------ Via this bug , attacker can save a file in path that not allowed in openbasedir . Reproduce code: --------------- ?php // Author : Sina Yazdanmehr R3d.W0rm ; Our Site : http://IrCrash.com if!extensionloaded'pdf' die'pdf extension requir...

PHP 5.3.0 - 'pdflib' Arbitrary File Write

Description: ------------ Via this bug , attacker can save a file in path that not allowed in openbasedir . Reproduce code: --------------- / if!isset$PATH,$VALUE die'/expl.php?p=pathuwantsavefile/filename&v=valueuwantsav einfile'; $IRCRASH = pdfnew; pdfopenfile$IRCRASH,$PATH;...

PHP 5.3.0 pdflib file disclosure

No description provided by source. Description: ------------ Via this bug , attacker can save a file in path that not allowed in openbasedir . Reproduce code: --------------- ?php // Author : Sina Yazdanmehr R3d.W0rm ; Our Site : http://IrCrash.com if!extensionloaded'pdf' die'pdf extension requir...

PHP 5.3.0 pdflib Arbitrary File Write

Exploit for unknown platform in category local exploits ===================================== PHP 5.3.0 pdflib Arbitrary File Write ===================================== Title: PHP 5.3.0 pdflib Arbitrary File Write CVE-ID: OSVDB-ID: Author: Sina Yazdanmehr Published: 2009-11-06 Verified: yes view...

Gentoo Security Advisory GLSA 200412-02 (PDFlib)

The remote host is missing updates announced in advisory GLSA 200412-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200803-17 (pdflib)

The remote host is missing updates announced in advisory GLSA 200803-17. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200412-02 (PDFlib)

The remote host is missing updates announced in advisory GLSA 200412-02. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 200803-17 (pdflib)

The remote host is missing updates announced in advisory GLSA 200803-17. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD Ports: tiff

The remote host is missing an update to the system as announced in the referenced advisory. VID 68222076-010b-11da-bc08-0001020eed82 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: tiff, linux-tiff

The remote host is missing an update to the system as announced in the referenced advisory. VID b58ff497-6977-11d9-ae49-000c41e2cdad OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: tiff

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD Ports: tiff, linux-tiff

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

GLSA-200803-17 : PDFlib: Multiple buffer overflows

The remote host is affected by the vulnerability described in GLSA-200803-17 PDFlib: Multiple buffer overflows poplix reported multiple boundary errors in the pdcfsearchfopen function when processing overly long filenames. Impact : A remote attacker could send specially crafted content to a...