CVE-2007-3367

Simple CGI Wrapper scgiwrap in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from...

CVE-2007-3366

CVE-2007-3366 describes a Cross-site scripting (XSS) vulnerability in the Simple CGI Wrapper (scgiwrap) used by cPanel, affecting cPanel before 10.9.1 and 11.x before 11.4.19-R14378. The issue allows remote attackers to inject arbitrary web script or HTML via the request URI. The connected docume...

CVE-2007-3366

Cross-site scripting XSS vulnerability in Simple CGI Wrapper scgiwrap in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...

CVE-2007-3294

Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via 1 a long second argument to the tidyparsestring function or 2 an unspecified vector to the tidyrepairstring function. NOTE...

MOPB-pecl.txt

?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP Project // // C Copyright 2007 Stefan...

PHP 5.2.1 - 'hash_update_file()' Freed Resource Usage

?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP Project // // C Copyright 2007 Stefan...

MOPB-21-2007:PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability

Summary The compress.bzip2:// URL Wrapper defined by the bz2 extension does not perform any safemode or openbasedir checks and therefore allows access to archives outside the basedir or safemode restrictions. Affected versions Affected is PHP = 5.2.1 Detailed information No details needed Proof o...

PHP BZip2/Zip Wrappers模块多个Safe_Mode和Open_Basedir限制绕过漏

PHP是一款广泛使用的WEB开发脚本语言。 PHP包含的BZip2/Zip Wrappers模块存在限制绕过问题，远程攻击者可利用此漏洞写任意文件信息到未授权位置或访问敏感信息。 bz2扩展定义的compress.bzip2:// URL Wrapper和PECL zip定义的zip:// URL没有执行任意safemode或openbasedir限制，可导致绕过安全限制，写任意文件信息到未授权位置或访问敏感信息。 PHP PHP 5.2.1 PHP PHP 5.1.6 PHP PHP 5.1.5 PHP PHP 5.1.4 PHP PHP 5.1.3 PHP PHP 5.1.3 PHP...

Code injection

The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or openbasedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories...

CVE-2007-1460

The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or openbasedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories...

CVE-2007-1461

The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or openbasedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories...

CVE-2007-1399

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or...

Stack overflow

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or...

CVE-2007-1399

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or...

PT-2007-2793

Name of the Vulnerable Software and Affected Versions PECL ZIP versions 1.8.3 and earlier PHP versions 5.2.0 and 5.2.1 Description The issue is a stack-based buffer overflow in the zip:// URL wrapper. This allows remote attackers to execute arbitrary code via a long zip:// URL. Attackers can...

MOPB-16-2007:PHP zip:// URL Wrapper Buffer Overflow Vulnerability

Summary Since PHP 5.2.0 the PECL zip extension is bundled and for example activated by default in the popular dotdeb PHP distribution. This extension provides access to zip files and also introduces the zip:// URL wrapper. A stack based bufferoverflow in the URL parsing of the zip:// wrapper can ...

PHP 5.2.0 / PHP with PECL ZIP 1.8.3 - 'zip://' URL Wrapper Buffer Overflow

?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP Project // // C Copyright 2007 Stefan...

ICONICS Dialog Wrapper模块ActiveX控件远程栈溢出漏洞

ICONICS是一家专业提供基于OPC可视化软件的公司，ICONICS Dialog Wrapper模块ActiveX控件是捆绑于启用了OPC的可视化工具中的控件。 ICONICS Gauge ActiveX、ICONICS Switch ActiveX和ICONICS Vessel ActiveX中所使用的Dialog Wrapper模块ActiveX控件（DlgWrapper.dll）在处理DoModal方式时存在栈溢出漏洞。如果远程攻击者能够通过FileName或Filter参数传送超长字符串的话，就会触发这个漏洞，导致执行任意代码。 ICONICS Dialog Wrapper...

Iconics Dialog Wrapper Module ActiveX控件未明远程堆栈缓冲区溢出漏洞

Iconics Dialog Wrapper模块ActiveX控件存在一个未明缓冲区溢出问题，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 目前没有详细漏洞细节提供。 ICONICS, Inc. Dialog Wrapper Module ActiveX Control 升级程序： ICONICS, Inc. Dialog Wrapper Module ActiveX Control 0 ICONICS, Inc. FreeToolsActiveXDlgWrapperHotFix.zip...

CVE-2006-6488

Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control DlgWrapper.dll before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long 1 FileName or 2 Filter argument...