60 matches found
Design/Logic Flaw
PHP 5 before 5.2.3 does not enforce the openbasedir or safemode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...
CVE-2007-3007
PHP 5 before 5.2.3 does not enforce the openbasedir or safemode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...
CVE-2007-3007
PHP 5 before 5.2.3 does not enforce the openbasedir or safemode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...
CVE-2007-3007
PHP 5 before 5.2.3 does not enforce the openbasedir or safemode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...
PT-2007-4304 · Php · Php
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.2.3 Description: The issue allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. This might also involve the realpath function...
Stack overflow
Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath...
CVE-2006-1542
Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath...
CVE-2006-1542
CVE-2006-1542 is a stack-based buffer overflow in the Python interpreter (Python 2.4.2 and earlier) that can be triggered by running a script from a current working directory with a long name, related to the realpath handling. The vulnerability affects Linux environments described in the initial ...
CVE-2006-0043
Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks...
USN-99-2: Fixed php4 packages for USN-99-1
USN-99-1 fixed a safe mode bypass which allowed malicious PHP scripts to circumvent path restrictions by creating a specially crafted directory whose length exceeded the capacity of the realpath function CAN-2004-1064. However, this caused severe regressions, some applications like SquirrelMail a...
WU-FTPD 2.6.0/2.6.1/2.6.2 - 'realpath()' Off-by-One Buffer Overflow
// source: https://www.securityfocus.com/bid/8315/info The 'realpath' function is a C-library procedure to resolve the canonical, absolute pathname of a file based on a path that may contain values such as '/', './', '../', or symbolic links. A vulnerability that was reported to affect the...
NetBSD Security Advisory 2003-011: off-by-one error in realpath(3)
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2003-011 ================================= Topic: off-by-one error in realpath3 Version: NetBSD-current: source prior to August 4, 2003 NetBSD 1.6.1: affected NetBSD 1.6: affected NetBSD-1.5.3: affected NetBSD-1.5.2: affected NetBSD-1.5....
FreeBSD Security Advisory FreeBSD-SA-03:08.realpath
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:08.realpath Security Advisory The FreeBSD Project Topic: Single byte buffer overflow in realpath3 Category: core Module: libc Announced: 2003-08-03 Credits:...
FreeBSD-SA-03:08.realpath
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:08.realpath Security Advisory The FreeBSD Project Topic: Single byte buffer overflow in realpath3 Category: core Module: libc Announced: 2003-08-03 Credits:...
CVE-2003-0466
Off-by-one error in the fbrealpath function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including 1 STOR, 2 RETR,...
FreeBSD 4.8 - realpath() Off-by-One Buffer Overflow
FreeBSD 4.8 - realpath Off-by-One Buffer Overflow source: https://www.securityfocus.com/bid/8315/info The 'realpath' function is a C-library procedure to resolve the canonical, absolute pathname of a file based on a path that may contain values such as '/', './', '../', or symbolic links. A...
realpath(3) function contains off-by-one buffer overflow
Overview A function originally derived from 4.4BSD, realpath3, contains a vulnerability that may permit a malicious user to gain root access to the server. This function was derived from the FreeBSD 3.x tree. Other applications and operating systems that use or were derived from this code base ma...
libc.nul.byte.txt
Date: Wed, 14 Oct 1998 11:42:46 +0200 From: Olaf Kirch To: [email protected] Subject: The poisoned NUL byte Summary: you can exploit a single-byte buffer overrun to gain root privs. When, half a day after releasing version 2.2beta37 of the Linux nfs server, I received a message from Larry...
WU-FTPD 2.4.2 SCO Open Server 5.0.5 ProFTPd 1.2 pre1 - realpath Remote Buffer Overflow (1)
WU-FTPD 2.4.2 SCO Open Server 5.0.5 ProFTPd 1.2 pre1 - realpath Remote Buffer Overflow 1 / source: https://www.securityfocus.com/bid/113/info There is a vulnerability in ProFTPD versions 1.2.0pre1 and earlier and in wu-ftpd 2.4.2 beta 18 VR9 and earlier. This vulnerability is a buffer overflow...
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Remote Buffer Overflow (2)
/ source: https://www.securityfocus.com/bid/113/info There is a vulnerability in ProFTPD versions 1.2.0pre1 and earlier and in wu-ftpd 2.4.2 beta 18 VR9 and earlier. This vulnerability is a buffer overflow triggered by unusually long path names directory structures. For example, if a user has wri...