
310 matches found

seebug.org
added 2014/07/01 12:0 a.m. · 15 views

wu-ftpd 2.6.2 realpath() Off-By-One Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8315/info The 'realpath' function is a C-library procedure to resolve the canonical, absolute pathname of a file based on a path that may contain values such as '/', './', '../', or symbolic links. A vulnerability that wa...

7.1 AI score
Exploits 0

seebug.org
added 2009/12/16 12:0 a.m. · 10 views

PHP realpath Function Information Disclosure Vulnerability

No description provided by source...

7.1 AI score
Exploits 0

Positive Technologies
added 2009/03/19 12:0 a.m. · 7 views

PT-2009-1126 · Vmware +3 · Open-Vm-Tools +3

Name of the Vulnerable Software and Affected Versions: open-vm-tools version 2009.03.18-154848 Description: The issue is related to the mount.vmhgfs component of the open-vm-tools package, which incorrectly handles symbolic links before accessing a file. This can allow an attacker to access...

7.5 CVSS · 6.1 AI score · 0.13638 EPSS
Exploits 1 · References 33

OpenVAS
added 2008/10/31 12:0 a.m. · 23 views

freeSSHd SFTP 'rename' and 'realpath' Remote DoS Vulnerability

The host is running the freeSSHd SSH server and is prone to a remote denial of service vulnerability. NULL pointer dereferencing errors exist in the SFTP 'rename' and 'realpath' commands. These can be exploited by passing an overly long string as an argument to the affected commands. OpenVAS Vulnerability...

9 CVSS · 0.9 AI score · 0.14497 EPSS
Exploits 0 · References 3

OpenVAS
added 2008/10/31 12:0 a.m. · 17 views

freeSSHd SFTP 'rename' and 'realpath' < 1.2.6 Remote DoS Vulnerability

freeSSHd SSH server is prone to a remote denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

9 CVSS · 6.9 AI score · 0.14497 EPSS
Exploits 0 · References 3

Prion
added 2008/10/28 2:0 a.m. · 13 views

Stack overflow

Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters...

9 CVSS · 8.3 AI score · 0.14497 EPSS
Exploits 0 · References 9 · Affected Software 1

seebug.org
added 2008/10/27 12:0 a.m. · 13 views

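freeSSHd rename and realpath Command Denial-of-Service Vulnerability

BUGTRAQ ID: 31872 freeSSHd is a free SSH server implementation. freeSSHd has a NULL pointer dereference error in its handling of the SFTP rename and realpath commands; if a remote attacker includes an overly long string as an argument to these commands, the vulnerability is triggered and the server crashes. freeSSHd 1.2.1 -------- The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version: http://freesshd.com/ http://www.sebug.net/exploit/4958/ http://www.sebug.net/exploit/4957/...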

6.9 AI score
Exploits 0

seebug.org
added 2008/10/27 12:0 a.m. · 17 views

freeSSHd 1.2.1 sftp realpath Remote Buffer Overflow PoC (auth)

No description provided by source. !/usr/bin/perl Jeremy Brown [email protected]/jbrownsec.blogspot.com FreeSSH 1.2.1 Crash 2 -- A Product of Fuzzing. Stay Tuned For More. use Net::SSH2; $host = "192.168.0.100"; $port = 22; $username = "test"; $password = "test"; $dos = "A" x 262145; $ssh2 =...

7.1 AI score
Exploits 0

RedHat Linux
added 2008/08/13 2:16 p.m. · 5 views

python buffer overflow

Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath...

3.7 CVSS · 5.6 AI score · 0.00947 EPSS
Exploits 1 · References 4

seebug.org
added 2008/07/16 12:0 a.m. · 18 views

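SuSe mount/umount Overflow Vulnerability

Because the mount/umount commands do not perform proper bounds checking on user input, an attacker who runs the mount/umount program with an overly long relative pathname as an argument will overwrite the contents of the memory dynamically allocated for the realpath function. By modifying heap data, the attacker may be able to gain root privileges. SuSe Linux all versions Package: util 2.10f Upgrade the util package, or remove the suid bit from mount/umount. ftp://ftp.suse.com/pub/suse/axp/update/6.1/a1/util-2.10f-4.alpha.rpm...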

7.1 AI score
Exploits 0

RedHat Linux
added 2008/05/20 2:15 p.m. · 3 views

python buffer overflow

Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath...

3.7 CVSS · 5.6 AI score · 0.00947 EPSS
Exploits 1 · References 4

NVD
added 2007/06/04 5:30 p.m. · 28 views

CVE-2007-3007

PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...

5 CVSS · 7.5 AI score · 0.02695 EPSS
Exploits 0 · References 13

UbuntuCve
added 2007/06/04 5:30 p.m. · 34 views

CVE-2007-3007

PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...

5 CVSS · 6 AI score · 0.02695 EPSS
Exploits 0 · References 1

Prion
added 2007/06/04 5:30 p.m. · 30 views

Design/Logic Flaw

PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...

5 CVSS · 6.6 AI score · 0.02695 EPSS
Exploits 0 · References 13 · Affected Software 1

Cvelist
added 2007/06/04 5:0 p.m. · 47 views

CVE-2007-3007

PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...

7.4 AI score · 0.02695 EPSS
Exploits 0 · References 13

seebug.org
added 2007/06/04 12:0 a.m. · 182 views

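PHP realpath() Function safe_mode and open_basedir Security Restriction Bypass Vulnerability

PHP is a popular web server-side programming language. The implementation of PHP's realpath function contains a vulnerability that a remote attacker may exploit to bypass certain security restrictions. PHP's file_exists function does not allow checking for the existence of files outside the directory specified by open_basedir, but readfile has no such restriction and allows checking whether a file exists anywhere on the file system. If realpath($filename) returns a string (that is, not false), the file exists, which bypasses the open_basedir restriction. PHP PHP 5.2.3 The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.php.net/downloads.php...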

7.1 AI score
Exploits 0

Positive Technologies
added 2007/06/04 12:0 a.m. · 3 views

PT-2007-4304 · Php · Php

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.2.3 Description: The issue allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. This might also involve the realpath function...

5 CVSS · 6.4 AI score · 0.02695 EPSS
Exploits 0 · References 15

securityvulns
added 2007/05/19 12:0 a.m. · 47 views

realpath() BSD and wu-ftpd / BSD FTP / SSH buffer overflow

off-by-one overflow in fbrealpath function in oversized path of few FTP commands...

3.8 AI score
Exploits 0 · References 4 · Affected Software 3

seebug.org
added 2006/11/05 12:0 a.m. · 30 views

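Multiple PHP Security Vulnerabilities.

PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. PHP contains multiple security vulnerabilities, as follows: (1) missing safe_mode and open_basedir validation in the file_exists, imap_open and imap_reopen functions; (2) boundary errors in the str_repeat and wordwrap functions on 64-bit systems; (3) the open_basedir and safe_mode protection mechanisms can be bypassed via the cURL extension and the realpath cache; (4) a boundary condition error in the GD extension when handling malformed GIF images; (5) an error in the stripos function that may lead to out-of-bounds memory reads; (6) an incorrect memory_limit restriction on 64-bit systems...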

7.1 AI score
Exploits 0

NVD
added 2006/08/31 9:4 p.m. · 21 views

CVE-2006-4483

The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache...

9.3 CVSS · 6.5 AI score · 0.02852 EPSS
Exploits 0 · References 14