CVE-2006-4432
https://notcve.org/view.php?id=CVE-2006-4432
Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection.
• http://secunia.com/advisories/21573
• http://securityreason.com/securityalert/1466
• http://www.hardened-php.net/advisory_052006.128.html
• http://www.osvdb.org/28232
• http://www.securityfocus.com/archive/1/444263/100/0/threaded
• http://www.vupen.com/english/advisories/2006/3388
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28576
CVE-2006-4431
https://notcve.org/view.php?id=CVE-2006-4431
Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID).
• http://marc.info/?l=full-disclosure&m=115642248226217&w=2
• http://secunia.com/advisories/21573
• http://securityreason.com/securityalert/1466
• http://www.hardened-php.net/advisory_052006.128.html
• http://www.osvdb.org/28230
• http://www.osvdb.org/28231
• http://www.securityfocus.com/archive/1/444263/100/0/threaded
• http://www.securityfocus.com/bid/19692
• http://www.vupen.com/english/advisories/2006/3388
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28573
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer