54 matches found
EUVD-2006-5691
Malware in sbrugna...
EUVD-2006-1498
Malware in sbrugna...
EUVD-2009-3538
Malware in sbrugna...
CVE-2012-5663
The isearch package textproc/isearch before 1.47.01nb1 uses the tempnam function to create insecure temporary files into a publicly-writable area /tmp...
SUSE CVE-2006-1494
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass openbasedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function...
SUSE CVE-2006-2660
Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the...
SUSE CVE-2006-5706
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass openbasedir restrictions and perform unspecified actions via unspecified vectors involving the 1 chdir and 2 tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494...
SUSE CVE-2008-2266
uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression...
SUSE CVE-2009-3557
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safemode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments...
SUSE CVE-2010-1129
The safemode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / slash character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function...
CVE-2012-5663
The isearch package textproc/isearch before 1.47.01nb1 uses the tempnam function to create insecure temporary files into a publicly-writable area /tmp...
CVE-2012-5663
The CVE-2012-5663 entry affects the isearch package (textproc/isearch) prior to version 1.47.01nb1. The root cause is the use of tempnam() to create temporary files in /tmp, a publicly-writable directory, leading to potential integrity concerns. Per the referenced data, the vulnerability has inte...
UBUNTU-CVE-2015-4025
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to 1...
PHP Multiple Function Security Bypass Vulnerabilities
PHP is a general-purpose web programming language. A security bypass vulnerability exists in the PHP setincludepath, tempnam, rmdir, and readlink functions, where by accepting null values in a path, a remote attacker can submit special values to bypass security controls on the path values...
PHP 4.x tempnam() Function open_basedir Restriction Bypass
No description provided by source. source: http://www.securityfocus.com/bid/17439/info PHP is prone to multiple 'safemode' and 'openbasedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations...
PHP <5.2.13 tempnam()函数safe_mode验证绕过安全限制漏洞
No description provided by source...
Mandriva Linux Security Advisory : php (MDVSA-2009:303)
Some vulnerabilities were discovered and corrected in php-5.2.11 : The tempnam function in ext/standard/file.c in PHP 5.2.11 and earlier, and 5.3.x before 5.3.1, allows context-dependent attackers to bypass safemode restrictions, and create files in group-writable or world-writable directories, v...
Design/Logic Flaw
The safemode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / slash character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function...
CVE-2010-1129
The safemode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / slash character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function...
CVE-2010-1129
The safemode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / slash character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function...