262 matches found
CVE-2007-1710
The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safemode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence...
PHP security issues: a remote overflow, DoS, safe_mode bypass vulnerability-vulnerability warning-the black bar safety net
One, the Web serversecurity PHP actually but is the Web server of a module function, so the first thing to ensure Web Server Security. Of course Web server to be secure and must be first to ensure the system safe, so you pull away, endless. PHP can be and various The Web server binding, also here...
PHP 4.x tempnam() Function open_basedir Restriction Bypass
No description provided by source. source: http://www.securityfocus.com/bid/17439/info PHP is prone to multiple 'safemode' and 'openbasedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations...
PHP 4.x SafeMode Arbitrary File Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2954/info PHP is the Personal HomePage development toolkit, distributed by the PHP.net, and maintained by the PHP Development Team in public domain. A problem with the toolkit could allow elevated privileges, and...
PHP FFI Extension 5.0.5 - Local Safe_mode Bypass Exploit
No description provided by source. ?php ---------------------------------------------------- -----PHP FFI Extension Safemode Bypass Exploit----- ---------------------------------------------------- -Tested on 5.0.5------------------------------------...
PHP 3-5 Ini_Restore() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19933/info PHP is prone to a 'safemode' and 'openbasedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations. This...
PHP <= 5.3.1 'session_save_path()' 'safe_mode' Restriction-Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38182/info PHP is prone to a 'safemode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write session files in arbitrary directions. This vulnerability would be an issue in shared-hosting...
PHP 4.x/5.0/5.1 mb_send_mail() Function Parameter Restriction Bypass
No description provided by source. source: http://www.securityfocus.com/bid/16878/info PHP is prone to multiple input-validation vulnerabilities that could allow 'safemode' and 'openbasedir' security settings to be bypassed. These issues reside in the 'mbsendmail' function, the 'mail' function, a...
PHP 5.2.5 Multiple Functions 'safe_mode_exec_dir' and 'open_basedir' Restriction Bypass Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/31064/info PHP is prone to 'safemodeexecdir' and 'openbasedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to execute arbitrary code. These vulnerabilities would be an issue in...
PHP <= 3.0.13 'safe_mode' Failure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/911/info PHP Version 3.0 is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web...
PHP <= 5.2.6 - chdir Function http URL Argument safe_mode Restriction Bypass
No description provided by source. source: http://www.securityfocus.com/bid/29796/info PHP is prone to multiple 'safemode' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to determine the presence of files in unauthorized locations; other attacks are also possible...
Nuked-klaN <= 1.7.7 / <= SP4.4 - Multiple Vulnerabilities Exploit
No description provided by source. ?php Name: Nuked-klaN = 1.7.7 and = SP4.4 Multiple Vulnerabilities Exploit Credits: Charles FOL charlesfolathotmail.fr URL: http://real.o-n.fr/ Date: 14/10/2008 Special thanks to Louis for remembering me I had to finish it = VULNERABILITY DETAILS...
PHP 4.x/5.x MySQL Safe_Mode Filesystem Circumvention Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/4026/info PHP's 'safemode' feature may be used to restrict access to certain areas of a filesystem by PHP scripts. However, a problem has been discovered that may allow an attacker to bypass these restrictions to gain...
PHP 5.1.x < 5.1.5 Multiple Vulnerabilities
According to its banner, the version of PHP 5.x installed on the remote host is older than 5.1.5. Such versions may be affected by the following vulnerabilities : - The c-client library 2000, 2001, or 2004 for PHP does not check the safemode or openbasedir functions. CVE-2006-1017 - A buffer...
PHP Foreign Function Interface Arbitrary DLL Loading safe_mode Restriction Bypass
According to its banner, the version of PHP installed on the remote host is affected by a security bypass vulnerability. The Foreign Function Interface ffi extension does not follow safemode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary D...
PHP 5. x COM functions to mention the right vulnerability-vulnerability warning-the black bar safety net
PHP is“hypertext pre-processing language”for Hypertext Preprocessor acronym, is an HTML embedded language. It can be more than the CGI or Perl more rapid implementation of dynamic web pages. PHP has a very powerful function, all of CGI or JavaScript functions, PHP can be achieved, supports almost...
CVE-2010-2484
The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information memory contents or trigger memory corruption by causing a userspace interruption of an internal function or handler...
Fedora 11 : maniadrive-1.2-18.fc11 / php-5.2.13-1.fc11 (2010-4114)
This release focuses on improving the stability of the PHP 5.2.x branch with over 40 bug fixes, some of which are security related, including: Fixed safemode validation inside tempnam when the directory path does not does not end with a / Fixed a possible openbasedir/safemode bypass in the sessio...
Fedora 12 : maniadrive-1.2-21.fc12 / php-5.3.2-1.fc12 (2010-4212)
This is a maintenance release in the 5.3 series, which includes a large number of bug fixes. Security Enhancements and Fixes in PHP 5.3.2: - Improved LCG entropy. Rasmus, Samy Kamkar - Fixed safemode validation inside tempnam when the directory path does not end with a /. Martin Jansen - Fixed a...
CVE-2010-2100
The 1 htmlentities, 2 htmlspecialchars, 3 strgetcsv, 4 httpbuildquery, 5 strpbrk, and 6 strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents by causing a userspace interruption of an internal function,...