824 matches found
CVE-2001-1246
CVE-2001-1246 affects PHP versions 4.0.5–4.1.0 running in safe mode. The fifth parameter to mail() is not properly sanitized, enabling local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. Multiple connected documents (NVD/Nessus advisories) describe th...
CVE-2001-1246
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters...
CVE-2001-1247
CVE-2001-1247 affects PHP 4.0.4pl1 and 4.0.5 in safe mode, enabling remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses error_log to access files. Impact: partial confidentiality and integrity exposure via uploaded scripts. Remediation: upgrade...
CVE-2001-1247
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the errorlog function to access the files...
CVE-2002-0229
Safe Mode feature safemode in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements...
CVE-2002-0229
Safe Mode feature safemode in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements...
CVE-2002-0229
CVE-2002-0229 affects PHP 3.0–4.1.0 Safe Mode. The vulnerability lets an attacker with access to the MySQL database bypass Safe Mode restrictions and read arbitrary files via LOAD DATA INFILE LOCAL SQL statements. Documented impact is partial confidentiality/read access. The connected documents c...
Obtaining user list in PHP safe mode
Unlimited access to getpw allows to reconstruct full users list...
PHP problem
This is not really an advisory, but a warning for sysadmins running webservers with PHP. I noticed that it was possible to rebuild the user database Unix even when safemode prevented from reading /etc/passwd and openbasedir prevented from accessing /etc. The implementation of getpwuid,nam functio...
Bypassing safe mode in PHP
It's possible to bypass safe mode limitation by using moveuploadedfile call and MySQL library functions to access files of different users...
PHP Safe Mode Filesystem Circumvention Problem
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ------------------------------------------------------------------------------ Security Advisory DW020203-PHP Release: 3rd February 2002 PHP Safe Mode Filesystem Circumvention Problem Severity: Medium to high. Affects: PHP, all versions which include...
PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention (3)
optionsMYSQLIOPTLOCALINFILE, 1; $m-setlocalinfilehandler"r"; $m-query"LOAD DATA LOCAL INFILE '/etc/passwd' INTO TABLE a.a"; $m-close; ?...
PHP Safe Mode mail Function 5th Parameter Arbitrary Command Execution
The remote host is running PHP 4.0.5. There is a flaw in this version of PHP that allows local users to circumvent the safe mode and to gain the UID of the HTTP process. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. References: Date: Fri, 23 Aug 2002 09:30:40 +0200 CEST From: "Wojciech...
CVE-2001-1246
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters...
PT-2001-2378 · Php · Php
Name of the Vulnerable Software and Affected Versions: PHP versions 4.0.5 through 4.1.0 Description: The issue is related to the mail function in PHP, where the 5th parameter is not properly cleansed in safe mode, allowing local users and possibly remote attackers to execute arbitrary commands vi...
bugtraq submission
All versions of the C version of ePerl 2.2 up to current version 2.2.14 http://www.engelschall.com/sw/eperl/ Severity: Low Systems Affected: Unix systems Description: ePerl allows the user to embed perl code specified inside ePerl delimiters in HTML. ePerl has the ability to "safely" include...
CVE-2000-0059
PHP3 with safemode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands...
PHP 3.0.13 - Safe_mode Failure
PHP 3.0.13 - Safemode Failure source: https://www.securityfocus.com/bid/911/info PHP Version 3.0 is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web developer...
PHP 3.0.13 - 'Safe_mode' Failure
source: https://www.securityfocus.com/bid/911/info PHP Version 3.0 is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web developers to write dynamically generat...
foolproof-bypass.txt
FoolProof found to be full of security glitches FoolProof a product by SmartStuff was intentionally programed to stop users from increasing computer maintaince by installing new software, changing the current computer configuration and so on by limiting the functions a user can do. The mentioned...