4706 matches found
CVE-2000-0860
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables...
Security Advisory(CSA-200011)
CHINANSL Security AdvisoryCSA-200011 Topic: PHP AND APACHE Vulnerability Release Dateёє Dec 6, 2000 Affected system: ============ APACHE WEB SERVER 1.3 ЎЎЎЎ- Microsoft Windows NT 4.0 ЎЎЎЎ- Microsoft Windows 2000 Impact: ====== CHINANSL security team has found a security problem in Apache web serv...
Security problems with TWIG webmail system
Twig is a popular webmail system written in PHP, once called Muppet. Author: Christopher Heschong Homepage: http://twig.screwdriver.net Version: 2.5.1 latest Problem: The possibility of processing our own php file , can leed to arbitrary command execution on the server as the httpd user. Status:...
CVE-2000-0860
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables...
PHP 3.0/4.0 - Error Logging Format String
// source: https://www.securityfocus.com/bid/1786/info PHP is a scripting language designed for CGI applications that is used on many websites. There exists a remotely exploitable format string vulnerability in all versions of PHP below PHP 4.0.3. The vulnerability exists in the code that handles...
Дырка во многих реализациях PHP
Из-за того, что сервер не сбрасывает некоторые переменные, которые могут задаваться пользователем, пользователь может указать временный файл, используемый при загрузке, что позволяет скомпрометировать системные файлы...