Page 64 of 323 results (0.035 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2008-2665

https://notcve.org/view.php?id=CVE-2008-2665

Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run. Vulnerabilidad de Salto de Directorio en la función posix_access de PHP 5.2.6 y versiones anteriores permite a atacantes remotos saltarse la restricciones safe_mode mediante un .. (punto punto) en una URL hhtp, lo que provoca que la URL se canonicalice (redirija) a un fichero local después de pasar correctamente la comprobación safe_mode. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://secunia.com/advisories/32746 http://secunia.com/advisories/35074 http://secunia.com/advisories/35650 http://security.gentoo.org/glsa/glsa-200811-05.xml http://securityreason.com/achievement_securityalert/54 http://securityreason.com/securityalert/3941 http://support.apple.com/kb/HT3549 http://wik • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 0%CPEs: 23EXPL: 1

CVE-2008-2666 – PHP 5.2.6 - 'chdir()' Function http URL Argument Safe_mode Restriction Bypass

https://notcve.org/view.php?id=CVE-2008-2666

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function. Múltiples vulnerabilidades de Salto de Directorio en PHP 5.2.6 permiten a los atacantes según contexto saltarse las restricciones safe_mode creando un subdirectorio denominado http: y colocando después secuencias ../ (punto punto barra) en un argumento http URL en la función (1) chdir o (2) ftok. • https://www.exploit-db.com/exploits/31937 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://secunia.com/advisories/32746 http://secunia.com/advisories/35074 http://secunia.com/advisories/35650 http://security.gentoo.org/glsa/glsa-200811-05.xml http://securityreason.com/achievement_securityalert/55 http://securityreason.com/securityalert/3942 http: • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 4%CPEs: 69EXPL: 0

CVE-2007-4658 – php money_format format string issue

https://notcve.org/view.php?id=CVE-2007-4658

The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. La función money_format en PHP versiones 5 anteriores a 5.2.4, y PHP versiones 4 anteriores a 4.4.8, permite múltiples tokens (1) %i y (2) %n, que tienen un impacto desconocido y vectores de ataque, posiblemente relacionados con una vulnerabilidad de cadena de formato. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/26642 http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/26871 http://secunia.com/advisories/26895 http://secunia.com/advisories/26930 http://secunia.com/advisories/26967 http://secunia.com/advisories/27102 http://secunia.com/advisories/27377 http://secunia.com/advisories/2 •

CVSS: 4.3EPSS: 36%CPEs: 69EXPL: 1

CVE-2007-3799 – PHP 5.2.3 - EXT/Session HTTP Response Header Injection

https://notcve.org/view.php?id=CVE-2007-3799

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. Una función session_start en ext/session en PHP versiones 4.x hasta 4.4.7 y versiones 5.x hasta 5.2.3, permite a atacantes remotos insertar atributos arbitrarios en la cookie de sesión por medio de caracteres especiales en una cookie que es obtenida de (1) PATH_INFO, (2) la función session_id, y (3) la función session_start, que no están codificadas o filtradas cuando es generado la nueva cookie de sesión, lo que constituye un problema relacionado con CVE-2006-0207. • https://www.exploit-db.com/exploits/30130 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://osvdb.org/36855 http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/26871 http://secunia.com/advisories/26895 http://secunia.com/advisories/26930 http://secunia.com/advisories/26967 http://secunia.com/advisories/27351 http://secunia.com/advisories/27377 http://secunia&# • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 1%CPEs: 76EXPL: 0

CVE-2007-1888

https://notcve.org/view.php?id=CVE-2007-1888

Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API. Un desbordamiento de búfer en la función sqlite_decode_binary en el archivo src/encode.c en SQLite versión 2, tal como es utilizado por PHP versión 4.x hasta 5.x y otras aplicaciones, permite a los atacantes dependiendo del contexto ejecutar código arbitrario por medio de un valor vacío del parámetro in. NOTA: algunas instalaciones PHP utilizan una versión empaquetada de sqlite sin esta vulnerabilidad. • http://osvdb.org/39177 http://secunia.com/advisories/25057 http://www.attrition.org/pipermail/vim/2007-April/001540.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:091 http://www.php-security.org/MOPB/MOPB-41-2007.html http://www.sqlite.org/cvstrac/rlog?f=sqlite/src/encode.c http://www.ubuntu.com/usn/usn-455-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/38518 •