EUVD-2008-1734

Malware in sbrugna...

Gentoo Security Advisory GLSA 200804-19 (php-toolkit)

The remote host is missing updates announced in advisory GLSA 200804-19. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200804-19 (php-toolkit)

The remote host is missing updates announced in advisory GLSA 200804-19. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GLSA-200804-19 : PHP Toolkit: Data disclosure and Denial of Service

The remote host is affected by the vulnerability described in GLSA-200804-19 PHP Toolkit: Data disclosure and Denial of Service Toni Arnold, David Sveningsson, Michal Bartoszkiewicz, and Joseph reported that php-select does not quote parameters passed to the 'tr' command, which could convert the...

Input validation

Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service PHP outage and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted a-z argument as ...

CVE-2008-1734

Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service PHP outage and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted a-z argument as ...

CVE-2008-1734

CVE-2008-1734 affects Gentoo Linux users running the Gentoo PHP Toolkit prior to 1.0.1. The vulnerability arises from an interpretation conflict where an unquoted [a-z] argument can be treated as a shell glob instead of a literal string, allowing local users to cause a Denial of Service (PHP outa...

CVE-2008-1734

Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service PHP outage and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted a-z argument as ...

PT-2006-5806 · Php · Phpsatk

Name of the Vulnerable Software and Affected Versions: PHP System Administration Toolkit PHPSaTK affected versions not specified Description: A remote file inclusion issue in the loader.php file of PHPSaTK allows remote attackers to execute arbitrary PHP code via a URL in the config parameter of...

Code injection

Dave Nielsen and Patrick Breitenbach PayPal Web Services aka PHP Toolkit 0.50 and possibly earlier has 1 world-readable permissions for ipn/logs/ipnsuccess.txt, which allows local users to view sensitive information payment data, and 2 world-writable permissions for ipn/logs, which allows local...

CVE-2006-0202

Dave Nielsen and Patrick Breitenbach PayPal Web Services aka PHP Toolkit 0.50 and possibly earlier has 1 world-readable permissions for ipn/logs/ipnsuccess.txt, which allows local users to view sensitive information payment data, and 2 world-writable permissions for ipn/logs, which allows local...

CVE-2006-0201

The provided connected documents confirm CVE-2006-0201 affects PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier versions. The vulnerability allows remote attackers to inject false payment entries into the log file by sending HTTP POST requests to ipn_success.php, indicating an inpu...

CVE-2006-0202

Dave Nielsen and Patrick Breitenbach PayPal Web Services aka PHP Toolkit 0.50 and possibly earlier has 1 world-readable permissions for ipn/logs/ipnsuccess.txt, which allows local users to view sensitive information payment data, and 2 world-writable permissions for ipn/logs, which allows local...

Multiple PHP Toolkit for PayPal Vulnerabilities

Vendor: Patrick Breitenbach and Dave Nielsen http://paypal.sf.net/ Versions affected: PHP Toolkit for PayPal v0.50 and may be prior Date: 12th January 2006 Type of Vulnerability: Sensitive Information Disclosure and Payment System Bypass Severity: Critical Solution Status: Unpatched Vendor was...

PHP 4.x - SafeMode Arbitrary File Execution

source: https://www.securityfocus.com/bid/2954/info PHP is the Personal HomePage development toolkit, distributed by the PHP.net, and maintained by the PHP Development Team in public domain. A problem with the toolkit could allow elevated privileges, and potentially unauthorized access to...

PHP 4.x - SafeMode Arbitrary File Execution

PHP 4.x - SafeMode Arbitrary File Execution source: https://www.securityfocus.com/bid/2954/info PHP is the Personal HomePage development toolkit, distributed by the PHP.net, and maintained by the PHP Development Team in public domain. A problem with the toolkit could allow elevated privileges, an...