Lucene search
K

4484 matches found

seebug.org
seebug.org
added 2007/03/30 12:0 a.m.57 views

PHP Session.Save_Path() TMPDIR Open_Basedir限制绕过漏洞

PHP是一款广泛使用的WEB开发脚本语言。 PHP session.savepath存在openbasedir绕过问题,远程攻击者可能利用此漏洞结合其他漏洞进行进一步攻击,如包含文件。 当提供空会话保存路径时,文件会话存储模块通过TMPDIR环境变量指定回调的路径,不幸的是回调发生在openbasedir检查之后,可导致安全检查被绕过。进行其他进一步攻击。 PHP PHP 5.2.1 PHP PHP 5.1.6 PHP PHP 5.1.5 PHP PHP 5.1.4 PHP PHP 5.1.3 PHP PHP 5.1.3 PHP PHP 5.1.2 PHP PHP 5.1.1 PHP P...

6.8AI score
Exploits0
Opera Security Advisories
Opera Security Advisories
added 2007/02/09 12:0 a.m.6 views

Opera security advisory 2004-12-10 – Opera Security Advisories

Opera security advisory 2004-12-10 – Opera Security Advisories OPCOM Team | February 9, 2007 Opera security advisory Named frames or windows can be hi-jacked by malicious frames or windows. Periods in the file name and non-breaking spaces in the Content-Type header can make the save/open dialog...

5.6AI score
Exploits0References1
Packet Storm
Packet Storm
added 2007/01/14 12:0 a.m.23 views

trevorchan07-rfi.txt

------------------------------------------------------------------------------------------------------------------- AYYILDIZ.ORG PreSents... Script:Trevorchan v0.7 Download: http://rel.trevorchan.org/Releasev07.zip Contact: ilker Kandemir Code: requireonce$tcconfig'rootdir'."/inc/functions.php";...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2006/12/08 12:0 a.m.10 views

PHP 5.2 - Session.Save_Path() Safe_mode open_basedir Restriction Bypass

PHP 5.2 - Session.SavePath Safemode openbasedir Restriction Bypass source: https://www.securityfocus.com/bid/21508/info PHP is prone to a 'safemode' and 'openbasedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in...

0.2AI score
Exploits0
Cvelist
Cvelist
added 2006/12/07 5:0 p.m.16 views

CVE-2006-6378

BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests...

6.6AI score0.01413EPSS
Exploits0References3
NVD
NVD
added 2006/08/07 7:4 p.m.15 views

CVE-2006-4013

Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam SBAS before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in 1 DATABLOB-GET and 2 DATABLOB-SAVE...

7.6CVSS6.8AI score0.04452EPSS
Exploits0References9
Cvelist
Cvelist
added 2006/08/07 7:0 p.m.23 views

CVE-2006-4013

Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam SBAS before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in 1 DATABLOB-GET and 2 DATABLOB-SAVE...

6.8AI score0.04452EPSS
Exploits0References9
Prion
Prion
added 2006/03/29 1:6 a.m.12 views

Design/Logic Flaw

Genius VideoCAM NB Driver does not drop privileges when saving files, which allows local users to gain privileges by opening arbitrary files via the "save as" dialog...

7.2CVSS7.2AI score0.00498EPSS
Exploits1References5
Cvelist
Cvelist
added 2006/03/29 1:0 a.m.13 views

CVE-2006-1484

Genius VideoCAM NB Driver does not drop privileges when saving files, which allows local users to gain privileges by opening arbitrary files via the "save as" dialog...

6.7AI score0.00498EPSS
Exploits1References5
CVE
CVE
added 2006/03/29 1:0 a.m.32 views

CVE-2006-1484

Genius VideoCAM NB Driver is affected by a local privilege escalation where privileges are not dropped when saving files. The vulnerability enables local users to gain higher privileges by opening arbitrary files through the driver’s save-as dialog. Affected component is the Genius VideoCAM NB Dr...

7.2CVSS6.7AI score0.00498EPSS
Exploits1References5Affected Software1
myhack58
myhack58
added 2006/01/29 12:0 a.m.28 views

The Windows in the DLL Files the basic principle and modified method-vulnerability warning-the black bar safety net

A DLL file is common sense DLL is a Dynamic Link Library acronym meaning Dynamic Link Library. In Windows, many applications are not a complete executable file, which is divided into a number of relatively independent Dynamic Link Library that DLL file, placed in the system. When we execute a...

0.4AI score
Exploits0
OSV
OSV
added 2006/01/20 9:3 p.m.2 views

DEBIAN-CVE-2006-0045

crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges...

7.2CVSS6.6AI score0.00336EPSS
Exploits0References1
CVE
CVE
added 2006/01/20 9:0 p.m.48 views

CVE-2006-0045

CVE-2006-0045 affects the crawl game prior to 4.0.0, where saving/loading can trigger insecure execution of programs, allowing local users to gain full privileges. Root cause: the program does not securely call external commands during save/load. Practical impact is local privilege escalation; no...

7.2CVSS6.4AI score0.00336EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2006/01/20 12:0 a.m.3 views

PT-2006-1134 · Crawl · Crawl

Name of the Vulnerable Software and Affected Versions: crawl versions prior to 4.0.0 Description: The issue allows local users to gain privileges due to insecure calls to programs when saving and loading games. Recommendations: For versions prior to 4.0.0, update to version 4.0.0 or later to...

7.2CVSS6.9AI score0.00336EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2005/10/23 12:0 a.m.4 views

PT-2005-4099 · Ftgate · Mailsite Express

Name of the Vulnerable Software and Affected Versions: Mailsite Express affected versions not specified Description: The issue allows remote attackers to upload and execute files with executable extensions, such as ASP, by utilizing the compose page feature. Attackers can attach the file and then...

5CVSS6.7AI score0.01309EPSS
Exploits0References2
Cvelist
Cvelist
added 2005/09/08 4:0 a.m.18 views

CVE-2005-2864

URBAN 1.5.31 allows local users to overwrite arbitrary files via a symlink attack on the 1 high score or 2 save game files...

6.2AI score0.00287EPSS
Exploits0References2
Cvelist
Cvelist
added 2005/07/17 4:0 a.m.24 views

CVE-2004-2225

Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button...

6.6AI score0.01805EPSS
Exploits0References6
Exploit DB
Exploit DB
added 2005/01/21 12:0 a.m.23 views

DivX Player 2.6 - '.Skin' File Directory Traversal

source: https://www.securityfocus.com/bid/12332/info DivX Player is reported prone to a directory traversal vulnerability. The issue presents itself when DPS '.dps', archive files are processed. Ultimately an attacker may exploit this issue to save a script or executable file in an arbitrary...

7.4AI score
Exploits0
OSV
OSV
added 2005/01/10 5:0 a.m.3 views

DEBIAN-CVE-2004-1272

Buffer overflow in the saveembeddedaddress function in filter.c for elm/bolthole filter 2.6.1 allows remote attackers to execute arbitrary code via a crafted email message...

10CVSS8.2AI score0.05954EPSS
Exploits1References1
CERT
CERT
added 2004/12/17 12:0 a.m.15 views

Microsoft Internet Explorer execCommand() method SaveAs command uses misleading "Save HTML Document" dialog

Overview Microsoft Internet Explorer contains a vulnerability in the way that it presents a Save As dialog. By invoking the SaveAs command with execCommand, an attacker could display a dialog that could trick a user into saving arbitrary content. Description Microsoft Internet Explorer IE support...

6.4AI score
Exploits0References7
Rows per page
Query Builder