824 matches found
GLSA-200410-14 : phpMyAdmin: Vulnerability in MIME-based transformation system
The remote host is affected by the vulnerability described in GLSA-200410-14 phpMyAdmin: Vulnerability in MIME-based transformation system A defect was found in phpMyAdmin's MIME-based transformation system, when used with 'external' transformations. Impact : A remote attacker could exploit this...
Debian DSA-168-1 : php - bypassing safe_mode, CRLF injection
Wojciech Purczynski found out that it is possible for scripts to pass arbitrary text to sendmail as commandline extension when sending a mail through PHP even when safemode is turned on. Passing 5th argument should be disabled if PHP is configured in safemode, which is the case for newer PHP...
CVE-2002-0985
CVE-2002-0985 : Argument injection vulnerability in PHP 4.x mail() up to 4.2.2 may bypass safe_mode and alter the MTA command-line arguments (e.g., the 5th argument), potentially changing MTA behavior and enabling command execution. OpenVAS and Debian advisories confirm the issue affects PHP4.x a...
CVE-2002-0985
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...
PHP < 4.1.0 Safe Mode Mail Function Command Execution
Binary data 1483.prm...
RHEL 2.1 : php (RHSA-2002:214)
PHP versions up to and including 4.2.2 contain vulnerabilities in the mail function, allowing local script authors to bypass safe mode restrictions and possibly allowing remote attackers to insert arbitrary mail headers or content. Updated 13 Jan 2003 Added fixed packages for the Itanium IA64...
CVE-2003-0863
The phpchecksafemodeincludedir function in fopenwrappers.c of PHP 4.3.x returns a success value 0 when the safemodeincludedir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP...
CVE-2003-0863
The phpchecksafemodeincludedir function in fopenwrappers.c of PHP 4.3.x returns a success value 0 when the safemodeincludedir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP...
PHP < 4.3.3 php_check_safe_mode_include_dir Function Safemode Bypass
According to its banner, the version of PHP 4.3.x installed on the remote host is prior to 4.3.2. It is, therefore, potentially affected by an information disclosure vulnerability. Due to a flaw in the function phpsafemodeincludedir, a local attacker could bypass safe mode and gain unauthorized...
PHP 4.3.x - Undefined Safe_Mode_Include_Dir Safemode Bypass
PHP 4.3.x - Undefined SafeModeIncludeDir Safemode Bypass source: https://www.securityfocus.com/bid/8201/info PHP is prone to an issue that may allow programs to bypass Safe Mode by calling external files in restricted directories using include and require. The problem is known to occur when the...
PHP 4.3.x - Undefined Safe_Mode_Include_Dir Safemode Bypass
source: https://www.securityfocus.com/bid/8201/info PHP is prone to an issue that may allow programs to bypass Safe Mode by calling external files in restricted directories using include and require. The problem is known to occur when the safemodeincludedir PHP directive is not defined. A logic...
persl safe.pm protection bypass
Safe mode doesn't work if it was already used...
security flaw
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...
security flaw
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...
security flaw
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...
CVE-2002-0985
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...
PT-2002-1991 · Php +1 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions 4.x through 4.2.2 Description: The issue allows attackers to bypass safe mode restrictions and modify command line arguments to the MTA, such as sendmail, in the 5th argument to the mail function, potentially altering MTA behavio...
[SECURITY] [DSA 168-1] New PHP packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 168-1 [email protected] http://www.debian.org/security/ Martin Schulze September 18th, 2002 http://www.debian.org/security/faq -...
DSA-168 php - bypassing safe_mode, CRLF injection
Bulletin has no description...
PHP safe mode bypass
Shell metacharcters are not checked in mail command...