12 matches found
EUVD-2009-3539
Malware in sbrugna...
SUSE CVE-2009-3558
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file...
PHP 5.3.0, 5.2.x < 5.2.12, < 5.2 posix extension posix_mkfifo function security bypass vulnerability
No description provided by source...
Mandriva Linux Security Advisory : php (MDVSA-2009:303)
Some vulnerabilities were discovered and corrected in php-5.2.11 : The tempnam function in ext/standard/file.c in PHP 5.2.11 and earlier, and 5.3.x before 5.3.1, allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, v...
PHP posix_mkfifo() function open_basedir security restriction bypass vulnerability
BUGTRAQ ID: 36554 CVE(CAN) ID: CVE-2009-3558 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. An error in PHP's posix_mkfifo function may allow open_basedir restrictions to be bypassed. The following is the vulnerable code segment in ext/posix/posix.c: PHP_FUNCTION(posix_mkfifo) { char *path; int path_len; long mode; int result; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl", &path, &path_len, &mod...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : php5 vulnerabilities (USN-862-1)
Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dba_replace function. If a script passed untrusted input to the dba_replace function, an attacker could truncate the database. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, and 8.10. CVE-2008-7068 It was...
USN-862-1: PHP vulnerabilities
Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dba_replace function. If a script passed untrusted input to the dba_replace function, an attacker could truncate the database. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, and 8.10. CVE-2008-7068 It was...
Design/Logic Flaw
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file...
CVE-2009-3558
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file...
CVE-2009-3558
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file...
CVE-2009-3558
CVE-2009-3558 affects PHP versions before 5.2.12 and 5.3.x before 5.3.1. The posix_mkfifo function in ext/posix/posix.c allows context-dependent attackers to bypass open_basedir restrictions and create FIFO files by manipulating the pathname and mode arguments (demonstrated by creating a .h...
CVE-2009-3558
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file...