PHP <= 5.2.5 cURL 'safe mode' Security Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27413/info PHP cURL is prone to a 'safe mode' security-bypass vulnerability. Attackers can use this issue to gain access to restricted files, potentially obtaining sensitive information that may aid in further attacks. Th...

CVE-2008-7002

PHP 5.2.5 does not enforce a openbasedir and b safemodeexecdir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the 1 exec, 2 system, 3 shellexec, 4 passthru, or 5 popen functions,...

Information disclosure

PHP 5.2.5 does not enforce a openbasedir and b safemodeexecdir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the 1 exec, 2 system, 3 shellexec, 4 passthru, or 5 popen functions,...

CVE-2008-7002

PHP 5.2.5 does not enforce a openbasedir and b safemodeexecdir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the 1 exec, 2 system, 3 shellexec, 4 passthru, or 5 popen functions,...

PHP 5.2.5 - Multiple functions &#039;safe_mode_exec_dir&#039; / &#039;open_basedir&#039; Restriction Bypass Vulnerabilities

source: https://www.securityfocus.com/bid/31064/info PHP is prone to 'safemodeexecdir' and 'openbasedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to execute arbitrary code. These vulnerabilities would be an issue in shared-hosting configurations where multip...

CVE-2008-2829

phpimap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related...

CVE-2008-1384

Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the phpsprintfappendstring function in formattedprint.c and probably other...

{securityreason.com}PHP 5 *printf&#40;&#41; - Integer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.5 and prior : printf functions Integer Overflow Author: Maksymilian Arciemowicz cXIb8O3 SecurityReason.com and SecurityReason.pl Date: - - Written: 01.03.2008 - - Public: 20.03.2008 SecurityReason Research SecurityAlert Id: 52 CVE-2008-1384...

Code injection

curl/interface.c in the cURL library aka libcurl in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safemode and openbasedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563...

CVE-2007-4850

curl/interface.c in the cURL library aka libcurl in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safemode and openbasedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563...

CVE-2007-4850

curl/interface.c in the cURL library aka libcurl in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safemode and openbasedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563...

CVE-2007-6039

PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service application crash via a long string in 1 the domain parameter to the dgettext function, the message parameter to the 2 dcgettext or 3 gettext function, the msgid1 parameter to the 4 dngettext or 5 ngettext...

Design/Logic Flaw

PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service application crash via a long string in 1 the domain parameter to the dgettext function, the message parameter to the 2 dcgettext or 3 gettext function, the msgid1 parameter to the 4 dngettext or 5 ngettext...

CVE-2007-6039

PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service application crash via a long string in 1 the domain parameter to the dgettext function, the message parameter to the 2 dcgettext or 3 gettext function, the msgid1 parameter to the 4 dngettext or 5 ngettext...

CVE-2007-5900

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through phpadminvalue or phpadminflag in httpd.conf by using iniset to modify arbitrary configuration variables, a different issue than CVE-2006-4625...

FreeBSD : php -- multiple security vulnerabilities (392b5b1d-9471-11dc-9db7-001c2514716c)

PHP project reports : Security Enhancements and Fixes in PHP 5.2.5 : - Fixed dl to only accept filenames. Reported by Laurent Gaffie. - Fixed dl to limit argument size to MAXPATHLEN CVE-2007-4887. Reported by Laurent Gaffie. - Fixed htmlentities/htmlspecialchars not to accept partial multibyte...