26 matches found
EUVD-2007-1365
Malware in sbrugna...
EUVD-2006-4420
Malware in sbrugna...
EUVD-2006-4419
Malware in sbrugna...
EUVD-2007-1366
Malware in sbrugna...
Zend Platform 2.2.1 PHP.INI File Modification Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22802/info The Zend Platform is prone to an issue that may let local attackers modify the PHP configuration file 'php.ini'. This issue occurs because the application is installed with an 'ini_modifier' program that may be...
Buffer overflow
Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities...
CVE-2007-1369
ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this...
Design/Logic Flaw
ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this...
CVE-2007-1370
Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities...
CVE-2007-1370
Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities...
CVE-2007-1369
CVE-2007-1369 affects Zend Platform 2.2.3 and earlier. The vulnerability is caused by ini_modifier (sgid-zendtech) that lets local users modify the system php.ini by editing a copy via -f and then performing a symlink attack, linking the attacker-controlled php.ini directory to /usr/local/Zend/et...
CVE-2007-1370
CVE-2007-1370 affects Zend Platform 2.2.3 and earlier, where incorrect file ownership (notably for scd.sh and related files) permits local users to gain root privileges by modifying those files. The issue occurs when safe_mode and open_basedir are disabled; other configurations may require differ...
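Zend Platform ini_modifier Tool Unauthorized Operation Vulnerability
Zend Platform is a runtime platform environment for enterprise PHP applications. The ini_modifier tool in the Zend Platform package has a flaw in how it is used, which a local attacker may exploit to escalate privileges. Installing Zend Platform also installs a setgid binary named ini_modifier. $ ls -la /usr/local/Zend/sbin/inimodifier -rwxr-sr-x 1 root zendtech 243240 2006-08-14 16:24 inimodifier...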
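Zend Platform Insecure File Access Permission Vulnerability
Zend Platform is a runtime platform environment for enterprise PHP applications. The Zend Platform file installation has a permission misconfiguration, which a local attacker may exploit to escalate privileges. Some binaries and shell scripts installed by Zend Platform are not given secure file access permissions, so certain files are incorrectly owned by the web server user or by the user account that installed Zend Platform. If the web server or the account that installed Zend Platform is compromised, an attacker can escalate privileges by replacing or editing those files, which are executed with root privileges at the next server restart. Zend Platform = 2.2.3 ----...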
BONUS-06-2007:Zend Platform Insecure File Permission Local Root Vulnerability
Summary Several binaries and shellscripts installed by the Zend Platform come with insecure file permissions. Certain files are incorrectly owned by the Web server user or owned by the user account, who installed the Zend Platform. By compromising the web server account through for example one of...
BONUS-07-2007:Zend Platform ini_modifier Local Root Vulnerability
Summary Zend Platform comes with an ini_modifier that is used by the GUI to alter the php.ini file. By abusing a vulnerability within the ini_modifier it is possible for a local attacker to edit the php.ini file without knowing the necessary GUI password. This can be used to obtain root privileges ...
Zend Platform 2.2.1 - PHP.INI File Modification
Zend Platform 2.2.1 - PHP.INI File Modification source: https://www.securityfocus.com/bid/22802/info The Zend Platform is prone to an issue that may let local attackers modify the PHP configuration file 'php.ini'. This issue occurs because the application is installed with an 'ini_modifier' progra...
Zend Platform 2.2.1 - 'PHP.INI' File Modification
source: https://www.securityfocus.com/bid/22802/info The Zend Platform is prone to an issue that may let local attackers modify the PHP configuration file 'php.ini'. This issue occurs because the application is installed with an 'ini_modifier' program that may be executed by local users and will...
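Zend Platform Multiple Remote Vulnerabilities
Zend Platform is a runtime platform environment for enterprise PHP applications. The session clustering system bundled with Zend Platform contains multiple vulnerabilities that can crash the session clustering daemon, stop the session functions from working, and cause a denial of service on the attacked node. By creating a specially crafted session ID, an attacker can also execute arbitrary code in the context of the session clustering daemon or the modcluster module....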
CVE-2006-4432
Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code...