Lucene search
+L

824 matches found

Tenable Nessus
Tenable Nessus
added 2004/10/19 12:0 a.m.21 views

GLSA-200410-14 : phpMyAdmin: Vulnerability in MIME-based transformation system

The remote host is affected by the vulnerability described in GLSA-200410-14 phpMyAdmin: Vulnerability in MIME-based transformation system A defect was found in phpMyAdmin's MIME-based transformation system, when used with 'external' transformations. Impact : A remote attacker could exploit this...

7.5CVSS5.8AI score0.02926EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.48 views

Debian DSA-168-1 : php - bypassing safe_mode, CRLF injection

Wojciech Purczynski found out that it is possible for scripts to pass arbitrary text to sendmail as commandline extension when sending a mail through PHP even when safemode is turned on. Passing 5th argument should be disabled if PHP is configured in safemode, which is the case for newer PHP...

7.5CVSS5.7AI score0.16741EPSS
Exploits0References4
CVE
CVE
added 2004/09/01 4:0 a.m.85 views

CVE-2002-0985

CVE-2002-0985 : Argument injection vulnerability in PHP 4.x mail() up to 4.2.2 may bypass safe_mode and alter the MTA command-line arguments (e.g., the 5th argument), potentially changing MTA behavior and enabling command execution. OpenVAS and Debian advisories confirm the issue affects PHP4.x a...

7.5CVSS6.8AI score0.02951EPSS
Exploits0References15Affected Software1
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.35 views

CVE-2002-0985

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...

6.8AI score0.02951EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.16 views

PHP < 4.1.0 Safe Mode Mail Function Command Execution

Binary data 1483.prm...

7.5CVSS7.3AI score0.08486EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.30 views

RHEL 2.1 : php (RHSA-2002:214)

PHP versions up to and including 4.2.2 contain vulnerabilities in the mail function, allowing local script authors to bypass safe mode restrictions and possibly allowing remote attackers to insert arbitrary mail headers or content. Updated 13 Jan 2003 Added fixed packages for the Itanium IA64...

7.5CVSS5.9AI score0.03039EPSS
Exploits0References6
NVD
NVD
added 2003/11/17 5:0 a.m.27 views

CVE-2003-0863

The phpchecksafemodeincludedir function in fopenwrappers.c of PHP 4.3.x returns a success value 0 when the safemodeincludedir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP...

7.5CVSS6.8AI score0.06698EPSS
Exploits0References1
Cvelist
Cvelist
added 2003/10/15 4:0 a.m.31 views

CVE-2003-0863

The phpchecksafemodeincludedir function in fopenwrappers.c of PHP 4.3.x returns a success value 0 when the safemodeincludedir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP...

6.8AI score0.06698EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2003/07/25 12:0 a.m.45 views

PHP < 4.3.3 php_check_safe_mode_include_dir Function Safemode Bypass

According to its banner, the version of PHP 4.3.x installed on the remote host is prior to 4.3.2. It is, therefore, potentially affected by an information disclosure vulnerability. Due to a flaw in the function phpsafemodeincludedir, a local attacker could bypass safe mode and gain unauthorized...

7.5CVSS5.5AI score0.06698EPSS
Exploits0References1
exploitpack
exploitpack
added 2003/07/16 12:0 a.m.18 views

PHP 4.3.x - Undefined Safe_Mode_Include_Dir Safemode Bypass

PHP 4.3.x - Undefined SafeModeIncludeDir Safemode Bypass source: https://www.securityfocus.com/bid/8201/info PHP is prone to an issue that may allow programs to bypass Safe Mode by calling external files in restricted directories using include and require. The problem is known to occur when the...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2003/07/16 12:0 a.m.55 views

PHP 4.3.x - Undefined Safe_Mode_Include_Dir Safemode Bypass

source: https://www.securityfocus.com/bid/8201/info PHP is prone to an issue that may allow programs to bypass Safe Mode by calling external files in restricted directories using include and require. The problem is known to occur when the safemodeincludedir PHP directive is not defined. A logic...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/12/14 12:0 a.m.32 views

persl safe.pm protection bypass

Safe mode doesn't work if it was already used...

3.3AI score
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2002/11/08 11:15 a.m.7 views

security flaw

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...

7.5CVSS5.8AI score0.02951EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2002/11/08 11:15 a.m.11 views

security flaw

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...

7.5CVSS5.8AI score0.02951EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2002/11/07 5:42 p.m.7 views

security flaw

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...

7.5CVSS5.8AI score0.02951EPSS
Exploits0References4
NVD
NVD
added 2002/09/24 4:0 a.m.23 views

CVE-2002-0985

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...

7.5CVSS7AI score0.02951EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2002/09/24 12:0 a.m.6 views

PT-2002-1991 · Php +1 · Php +1

Name of the Vulnerable Software and Affected Versions: PHP versions 4.x through 4.2.2 Description: The issue allows attackers to bypass safe mode restrictions and modify command line arguments to the MTA, such as sendmail, in the 5th argument to the mail function, potentially altering MTA behavio...

7.5CVSS6.4AI score0.02951EPSS
Exploits0References18
Debian
Debian
added 2002/09/18 1:40 p.m.61 views

[SECURITY] [DSA 168-1] New PHP packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 168-1 [email protected] http://www.debian.org/security/ Martin Schulze September 18th, 2002 http://www.debian.org/security/faq -...

7.5CVSS0.2AI score0.03039EPSS
Exploits0
OSV
OSV
added 2002/09/18 12:0 a.m.22 views

DSA-168 php - bypassing safe_mode, CRLF injection

Bulletin has no description...

7.5CVSS6.1AI score0.03039EPSS
Exploits0
securityvulns
securityvulns
added 2002/08/25 12:0 a.m.47 views

PHP safe mode bypass

Shell metacharcters are not checked in mail command...

3.7AI score
Exploits0References2Affected Software1
Rows per page
Query Builder