K16993: PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026

Security Advisory Description CVE-2015-4025 PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with...

Users can be tricked into uploading unexpected files

Plug-ins may be used to seed the system clipboard with paths to a target file, while the user may not expect that to be the contents of the clipboard. If the user can be convinced to focus a file input and paste the contents of the clipboard, the file can then be immediately uploaded without...

Microsoft IE HTML渲染远程代码执行漏洞（MS10-018）

BUGTRAQ ID: 39024 CVE ID: CVE-2010-0807 Internet Explorer是Windows操作系统中默认捆绑的web浏览器。 Internet Explorer访问已被删除的对象的方式中存在一个远程执行代码漏洞。攻击者可以通过构建特制的网页来利用该漏洞，当用户查看网页时，该漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以获得与登录用户相同的用户权限。 Microsoft Internet Explorer 7.0 临时解决方法： 在Office 2007中禁用ActiveX控件。 不要打开意外的文件。 厂商补丁： Microsoft...