Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2015/10/30 9:54 a.m.25 views

CVE-2007-4889

The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safemode and openbasedir restrictions via the MySQL 1 LOADFILE, 2 INTO DUMPFILE, and 3 INTO OUTFILE functions, a different issue than CVE-2007-3997...

7.5CVSS6.5AI score0.13818EPSS
Exploits7References3
Prion
Prion
added 2009/11/23 5:30 p.m.20 views

Design/Logic Flaw

The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safemode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments...

5CVSS6.5AI score0.02096EPSS
Exploits2References22Affected Software1
Cvelist
Cvelist
added 2009/11/23 5:0 p.m.25 views

CVE-2009-3557

The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safemode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments...

9.4AI score0.02096EPSS
Exploits2References22
UbuntuCve
UbuntuCve
added 2009/11/23 12:0 a.m.31 views

CVE-2009-3557

The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safemode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments...

5CVSS5.9AI score0.02096EPSS
Exploits2References3
NVD
NVD
added 2008/06/20 1:41 a.m.16 views

CVE-2008-2666

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safemode restrictions by creating a subdirectory named http: and then placing ../ dot dot slash sequences in an http URL argument to the 1 chdir or 2 ftok function...

5CVSS7.7AI score0.13923EPSS
Exploits2References17
UbuntuCve
UbuntuCve
added 2008/06/20 1:41 a.m.30 views

CVE-2008-2665

Directory traversal vulnerability in the posixaccess function in PHP 5.2.6 and earlier allows remote attackers to bypass safemode restrictions via a .. dot dot in an http URL, which results in the URL being canonicalized to a local filename after the safemode check has successfully run...

5CVSS7.1AI score0.03377EPSS
Exploits4References1
CVE
CVE
added 2007/08/25 12:0 a.m.54 views

CVE-2007-4528

CVE-2007-4528 concerns PHP’s Foreign Function Interface (ffi) extension in PHP 5.0.5, which does not enforce safe_mode restrictions. This can let context-dependent attackers load an arbitrary DLL and call a function (e.g., kernel32.dll and WinExec), yielding arbitrary code execution in affected c...

4.3CVSS7.5AI score0.04703EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2007/08/25 12:0 a.m.27 views

CVE-2007-4528

The Foreign Function Interface ffi extension in PHP 5.0.5 does not follow safemode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. NOTE: this issue does n...

7.5AI score0.04703EPSS
Exploits0References1
NVD
NVD
added 2007/05/24 6:30 p.m.12 views

CVE-2007-0448

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safemode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI...

10CVSS6.5AI score0.07112EPSS
Exploits1References3
CVE
CVE
added 2007/05/24 6:0 p.m.74 views

CVE-2007-0448

CVE-2007-0448 : The PHP 5.2.0 fopen implementation fails to properly handle invalid URI handlers, enabling context-dependent attackers to bypass safe_mode and read arbitrary files via a path specified with an invalid URI (illustrated by the srpath URI). This is documented across multiple sources ...

10CVSS6.4AI score0.07112EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder