CVE-2015-5723
https://notcve.org/view.php?id=CVE-2015-5723
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code. Doctrine Annotations en versiones anteriores a 1.2.7, Cache en versiones anteriores a 1.3.2 y 1.4.x en versiones anteriores a 1.4.2, Common en versiones anteriores a 2.4.3 y 2.5.x en versiones anteriores a 2.5.1, ORM en versiones anteriores 2.4.8 o 2.5.x en versiones anteriores 2.5.1, MongoDB ODM en versiones anteriores a 1.0.2 y MongoDB ODM Bundle en versiones anteriores a 3.0.1 utilizan permisos de escritura universal para directorios de caché, lo que permite a usuarios locales ejecutar código PHP arbitrario con privilegios adicionales aprovechando una aplicación con el umask establecido a 0 y que ejecuta entradas de caché como código. • http://framework.zend.com/security/advisory/ZF2015-07 http://www.debian.org/security/2015/dsa-3369 http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2004-2683
https://notcve.org/view.php?id=CVE-2004-2683
Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Cache' 5.0 allows attackers to access arbitrary files on a server. • http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/53db65fbb73fc254/37358d45de1cc583 http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/809f96becb84b6da/938000c0f3d48a48 •