Page 63 of 535 results (0.020 seconds)

CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 1

CVE-2008-5658 – php: ZipArchive:: extractTo() Directory Traversal Vulnerability

https://notcve.org/view.php?id=CVE-2008-5658

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences. Vulnerabilidad de salto de directorio en la función ZipArchive::extractTo de PHP 5.2.6 y anteriores, permite a atacantes dependientes del contexto escribir ficheros de su elección a través de un archivo ZIP con un fichero que contenga la secuencia .. (punto punto). • http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://osvdb.org/50480 http://secunia.com/advisories/35003 http://secunia.com/advisories/35306 http://secunia.com/advisories/35650 http://wiki.rpath.com/Advisories:rPSA-2009-0035 http://www.debian.org/security/2009/dsa-1789 http:&#x • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 1%CPEs: 28EXPL: 1

CVE-2008-5624

https://notcve.org/view.php?id=CVE-2008-5624

PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting of /etc for the error_log variable. PHP 5 en versiones anteriores a 5.2.7, no inicializa propiamente las variable page_uid y page_gid global para ser usadas por la función SAPI php_getuid, el cual permite a los atacante dependientes de contexto evitar la restricciones safe_mode a través de parámetros variables que pretende ser restringida para el directorio raíz, como demuestra por un parámetro de /etc para la variable error_log. • http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://osvdb.org/50483 http://osvdb.org/52207 http://secunia.com/advisories/35003 http://secunia.com/advisories/35650 http://securityreason.com/achievement_securityalert/59 http://wiki.rpath.com/Advisories:rPSA-2009-0035 http://www.debian.org/security/2009/dsa-1789 http://www.mandriva.com/security/advisories?name=MDVSA-2009:045 http://www.php.net/ChangeLog-5.php# • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 27EXPL: 2

CVE-2008-5625 – PHP 5.2.6 - 'error_log' Safe_mode Bypass

https://notcve.org/view.php?id=CVE-2008-5625

PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file. PHP 5 versiones anteriores a 5.2.7 no cumple las restricciones error_log safe_mode cuando safe_mode está activado a través de un parámetro php_admin_flag en httpd.conf, el cual permite a los atacantes dependiente de contexto escribir arbitrariamente archivos colocando una entrada "php_value error_log" en un archivo .htaccess. • https://www.exploit-db.com/exploits/7171 http://archives.neohapsis.com/archives/bugtraq/2008-11/0152.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://osvdb.org/52205 http://secunia.com/advisories/35650 http://securityreason.com/achievement_securityalert/57 http://wiki.rpath.com/Advisories:rPSA-2009-0035 http://www.mandriva.com/security/advisories?name=MDVSA-2009:045 http://www.php.net/ChangeLog-5.php#5.2& • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 1%CPEs: 64EXPL: 0

CVE-2008-4107 – WordPress Core < 2.6.2 - Cryptographic Weakness

https://notcve.org/view.php?id=CVE-2008-4107

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102. Las funciones (1) rand y (2) mt_rand en PHP 5.2.6 no producen criptográficamente fuertes números aleatorios, el cual permite a los atacantes aprovechar que algunos productos confían en estas funciones para relevantes funcionalidades de seguridad, como demuestra la funcionalidad de reinicialización de contraseñas en Joomla! 1.5.x y WordPress en versiones anteriores a 2.6.2, son diferentes vulnerabilidades a CVE-2008-2107, CVE-2008-2108, y CVE-2008-4102. • http://marc.info/?l=oss-security&m=122152830017099&w=2 http://osvdb.org/48700 http://secunia.com/advisories/31737 http://secunia.com/advisories/31870 http://securityreason.com/securityalert/4271 http://securitytracker.com/id?1020869 http://wordpress.org/development/2008/09/wordpress-262 http://www.openwall.com/lists/oss-security/2008/09/11/6 http://www.securityfocus.com/archive/1/496237/100/0/threaded http://www.securityfocus.com/archive/1/496287/100/0/threaded http • CWE-189: Numeric Errors CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 5.0EPSS: 4%CPEs: 16EXPL: 0

CVE-2008-3660 – php: FastCGI module DoS via multiple dots preceding the extension

https://notcve.org/view.php?id=CVE-2008-3660

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php. PHP 4.4.x en versiones anteriores a PHP 4.4.9 y 5.2.6 a través de 5.6, cuando se utiliza como un módulo FastCGI, permite a atacantes remotos provocar una denegación de servicio (con caida de la aplicación) a través de una solicitud con varios puntos precediendo a la extensión, como se demuestra usando foo..php. • http://bugs.gentoo.org/show_bug.cgi?id=234102 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://secunia.com/advisories/31982 http://secunia.com/advisories/32148 http://secunia.com/advisories/32746 http://secunia.com/advisories/35074 http://secunia.com/advisories/35306 h • CWE-20: Improper Input Validation •