4484 matches found
PHP Session.Save_Path() TMPDIR Open_Basedir限制绕过漏洞
PHP是一款广泛使用的WEB开发脚本语言。 PHP session.savepath存在openbasedir绕过问题,远程攻击者可能利用此漏洞结合其他漏洞进行进一步攻击,如包含文件。 当提供空会话保存路径时,文件会话存储模块通过TMPDIR环境变量指定回调的路径,不幸的是回调发生在openbasedir检查之后,可导致安全检查被绕过。进行其他进一步攻击。 PHP PHP 5.2.1 PHP PHP 5.1.6 PHP PHP 5.1.5 PHP PHP 5.1.4 PHP PHP 5.1.3 PHP PHP 5.1.3 PHP PHP 5.1.2 PHP PHP 5.1.1 PHP P...
Opera security advisory 2004-12-10 – Opera Security Advisories
Opera security advisory 2004-12-10 – Opera Security Advisories OPCOM Team | February 9, 2007 Opera security advisory Named frames or windows can be hi-jacked by malicious frames or windows. Periods in the file name and non-breaking spaces in the Content-Type header can make the save/open dialog...
trevorchan07-rfi.txt
------------------------------------------------------------------------------------------------------------------- AYYILDIZ.ORG PreSents... Script:Trevorchan v0.7 Download: http://rel.trevorchan.org/Releasev07.zip Contact: ilker Kandemir Code: requireonce$tcconfig'rootdir'."/inc/functions.php";...
PHP 5.2 - Session.Save_Path() Safe_mode open_basedir Restriction Bypass
PHP 5.2 - Session.SavePath Safemode openbasedir Restriction Bypass source: https://www.securityfocus.com/bid/21508/info PHP is prone to a 'safemode' and 'openbasedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in...
CVE-2006-6378
BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests...
CVE-2006-4013
Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam SBAS before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in 1 DATABLOB-GET and 2 DATABLOB-SAVE...
CVE-2006-4013
Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam SBAS before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in 1 DATABLOB-GET and 2 DATABLOB-SAVE...
Design/Logic Flaw
Genius VideoCAM NB Driver does not drop privileges when saving files, which allows local users to gain privileges by opening arbitrary files via the "save as" dialog...
CVE-2006-1484
Genius VideoCAM NB Driver does not drop privileges when saving files, which allows local users to gain privileges by opening arbitrary files via the "save as" dialog...
CVE-2006-1484
Genius VideoCAM NB Driver is affected by a local privilege escalation where privileges are not dropped when saving files. The vulnerability enables local users to gain higher privileges by opening arbitrary files through the driver’s save-as dialog. Affected component is the Genius VideoCAM NB Dr...
The Windows in the DLL Files the basic principle and modified method-vulnerability warning-the black bar safety net
A DLL file is common sense DLL is a Dynamic Link Library acronym meaning Dynamic Link Library. In Windows, many applications are not a complete executable file, which is divided into a number of relatively independent Dynamic Link Library that DLL file, placed in the system. When we execute a...
DEBIAN-CVE-2006-0045
crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges...
CVE-2006-0045
CVE-2006-0045 affects the crawl game prior to 4.0.0, where saving/loading can trigger insecure execution of programs, allowing local users to gain full privileges. Root cause: the program does not securely call external commands during save/load. Practical impact is local privilege escalation; no...
PT-2006-1134 · Crawl · Crawl
Name of the Vulnerable Software and Affected Versions: crawl versions prior to 4.0.0 Description: The issue allows local users to gain privileges due to insecure calls to programs when saving and loading games. Recommendations: For versions prior to 4.0.0, update to version 4.0.0 or later to...
PT-2005-4099 · Ftgate · Mailsite Express
Name of the Vulnerable Software and Affected Versions: Mailsite Express affected versions not specified Description: The issue allows remote attackers to upload and execute files with executable extensions, such as ASP, by utilizing the compose page feature. Attackers can attach the file and then...
CVE-2005-2864
URBAN 1.5.31 allows local users to overwrite arbitrary files via a symlink attack on the 1 high score or 2 save game files...
CVE-2004-2225
Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button...
DivX Player 2.6 - '.Skin' File Directory Traversal
source: https://www.securityfocus.com/bid/12332/info DivX Player is reported prone to a directory traversal vulnerability. The issue presents itself when DPS '.dps', archive files are processed. Ultimately an attacker may exploit this issue to save a script or executable file in an arbitrary...
DEBIAN-CVE-2004-1272
Buffer overflow in the saveembeddedaddress function in filter.c for elm/bolthole filter 2.6.1 allows remote attackers to execute arbitrary code via a crafted email message...
Microsoft Internet Explorer execCommand() method SaveAs command uses misleading "Save HTML Document" dialog
Overview Microsoft Internet Explorer contains a vulnerability in the way that it presents a Save As dialog. By invoking the SaveAs command with execCommand, an attacker could display a dialog that could trick a user into saving arbitrary content. Description Microsoft Internet Explorer IE support...