📄 Craft CMS 5.0 Authentication Session Path Exposure

Proof of concept exploit that demonstrates an authentication session path exposure vulnerability in Craft CMS version 5.0. ============================================================================================================================================= | Title : Craft CMS 5.0...

EUVD-2007-1829

Malware in sbrugna...

SUSE CVE-2005-3319

The apache2handler SAPI sapiapache2.c in the Apache module modphp for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service segmentation fault via the session.savepath option in a .htaccess file or VirtualHost...

SUSE CVE-2006-6383

PHP 5.2.0 and 4.4 allows local users to bypass safemode and openbasedir restrictions via a malicious path and a null byte before a ";" in a sessionsavepath argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.savepath...

SUSE CVE-2007-1835

PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path session.savepath, uses the TMPDIR default after checking the restrictions, which allows local users to bypass openbasedir restrictions...

SUSE CVE-2007-3378

The 1 sessionsavepath, 2 iniset, and 3 errorlog functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safemode and openbasedir restrictions and possibly execute arbitrary commands, as demonstrated using a phpvalue, b...

SUSE CVE-2010-1130

session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; semicolon characters in the argument to the sessionsavepath function, which allows context-dependent attackers to bypass openbasedir and safemode restrictions via an argument that contains multiple ;...

CVE-2007-1835

PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path session.savepath, uses the TMPDIR default after checking the restrictions, which allows local users to bypass openbasedir restrictions...

CVE-2006-6383

PHP 5.2.0 and 4.4 allows local users to bypass safemode and openbasedir restrictions via a malicious path and a null byte before a ";" in a sessionsavepath argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.savepath...

PHP <= 5.2.1 Session.Save_Path() TMPDIR Open_Basedir Restriction Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23183/info PHP is prone to a 'openbasedir' restriction-bypass vulnerability due to a design error. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations...

CVE-2009-4143

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to 1 interrupt corruption of the SESSION superglobal array and 2 the session.savepath directive...

CVE-2009-4143

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to 1 interrupt corruption of the SESSION superglobal array and 2 the session.savepath directive...

PHP session.save_path 存在安全绕过漏洞

No description provided by source...

phprpg-sql.txt

By Michael Brooks Vulneralbity: Sql Injection and Session Information Disclosure. Homepage:http://sourceforge.net/projects/phprpg/ Verison affected 0.8.0 There are two flaws that affect this applcation. A nearly vinnella login bypass issues affects phprpg. If magicqutoesgpc=off then this will log...

PHP RPG - Sql Injection and Session Information Disclosure.

By Michael Brooks Vulneralbity: Sql Injection and Session Information Disclosure. Homepage:http://sourceforge.net/projects/phprpg/ Verison affected 0.8.0 There are two flaws that affect this applcation. A nearly vinnella login bypass issues affects phprpg. If magicqutoesgpc=off then this will log...

CVE-2007-1835

PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path session.savepath, uses the TMPDIR default after checking the restrictions, which allows local users to bypass openbasedir restrictions...

Design/Logic Flaw

PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path session.savepath, uses the TMPDIR default after checking the restrictions, which allows local users to bypass openbasedir restrictions...

CVE-2007-1835

PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path session.savepath, uses the TMPDIR default after checking the restrictions, which allows local users to bypass openbasedir restrictions...

CVE-2007-1835

PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path session.savepath, uses the TMPDIR default after checking the restrictions, which allows local users to bypass openbasedir restrictions...

PHP Session.Save_Path() TMPDIR Open_Basedir限制绕过漏洞

PHP是一款广泛使用的WEB开发脚本语言。 PHP session.savepath存在openbasedir绕过问题，远程攻击者可能利用此漏洞结合其他漏洞进行进一步攻击，如包含文件。 当提供空会话保存路径时，文件会话存储模块通过TMPDIR环境变量指定回调的路径，不幸的是回调发生在openbasedir检查之后，可导致安全检查被绕过。进行其他进一步攻击。 PHP PHP 5.2.1 PHP PHP 5.1.6 PHP PHP 5.1.5 PHP PHP 5.1.4 PHP PHP 5.1.3 PHP PHP 5.1.3 PHP PHP 5.1.2 PHP PHP 5.1.1 PHP P...