31 matches found
EUVD-2006-5691
Malware in sbrugna...
EUVD-2006-1498
Malware in sbrugna...
EUVD-2009-3538
Malware in sbrugna...
CVE-2012-5663
The isearch package textproc/isearch before 1.47.01nb1 uses the tempnam function to create insecure temporary files into a publicly-writable area /tmp...
SUSE CVE-2006-1494
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass openbasedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function...
SUSE CVE-2009-3557
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safemode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments...
SUSE CVE-2010-1129
The safemode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / slash character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function...
CVE-2012-5663
The isearch package textproc/isearch before 1.47.01nb1 uses the tempnam function to create insecure temporary files into a publicly-writable area /tmp...
PHP Multiple Function Security Bypass Vulnerabilities
PHP is a general-purpose web programming language. A security bypass vulnerability exists in the PHP setincludepath, tempnam, rmdir, and readlink functions, where by accepting null values in a path, a remote attacker can submit special values to bypass security controls on the path values...
PHP 4.x tempnam() Function open_basedir Restriction Bypass
No description provided by source. source: http://www.securityfocus.com/bid/17439/info PHP is prone to multiple 'safemode' and 'openbasedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations...
PHP <5.2.13 tempnam()函数safe_mode验证绕过安全限制漏洞
No description provided by source...
Design/Logic Flaw
The safemode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / slash character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function...
CVE-2010-1129
The safemode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / slash character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function...
CVE-2010-1129
The safemode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / slash character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function...
CVE-2010-1129
The safemode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / slash character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function...
PHP tempname()函数绕过safe_mode安全限制漏洞
BUGTRAQ ID: 36555 CVE ID: CVE-2009-3557 PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的tempnam中的错误可能允许绕过safemode限制。以下是ext/standard/file.c中的有漏洞代码段: PHPFUNCTIONtempnam char dir, prefix; int dirlen, prefixlen; sizet plen; char openedpath; char p; int fd; if zendparseparametersZENDNUMARGS TSRMLSCC, "ss"...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : php5 vulnerabilities (USN-862-1)
Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dbareplace function. If a script passed untrusted input to the dbareplace function, an attacker could truncate the database. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, and 8.10. CVE-2008-7068 It was...
CVE-2009-3557
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safemode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments...
CVE-2009-3557
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safemode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments...
CVE-2009-3557
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safemode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments...