CVE-2006-3011 – PHP 5.2.6 - 'error_log' Safe_mode Bypass
https://notcve.org/view.php?id=CVE-2006-3011
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode. La función error_log en basic_functions.c en PHP anterior v4.4.4 y v5.x anterior v5.1.5 permite a usuarios locales superar el modo de seguridad y las restricciones open_basedir a través de un "php://" u otros esquemas en el tercer argumento, que deshabilitan el modo seguro. • https://www.exploit-db.com/exploits/7171 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?diff_format=u&view=log&pathrev=PHP_4_4 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10&pathrev=PHP_4_4&diff_format=u http://secunia.com/advisories/20818 http://secunia.com/advisories/21050 http://secunia.com/advisories/21125 http://secunia.com/advisories/21546 http://securityreason.com/ • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2006-3018
https://notcve.org/view.php?id=CVE-2006-3018
Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption. Vulnerabilidad no especificada en la funcionalidad de extensión de sesión en PHP anterior a la versión 5.1.3 tiene un impacto y vectores de ataque desconocidos, relacionados con una corrupción de memoria dinámica. • http://secunia.com/advisories/19927 http://secunia.com/advisories/21050 http://secunia.com/advisories/21125 http://securitytracker.com/id?1016306 http://www.mandriva.com/security/advisories?name=MDKSA-2006:122 http://www.osvdb.org/25254 http://www.php.net/release_5_1_3.php http://www.securityfocus.com/bid/17843 http://www.ubuntu.com/usn/usn-320-1 •
CVE-2006-3016
https://notcve.org/view.php?id=CVE-2006-3016
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name(). • ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://rhn.redhat.com/errata/RHSA-2006-0736.html http://secunia.com/advisories/19927 http://secunia.com/advisories/21050 http://secunia.com/advisories/22004 http://secunia.com/advisories/22069 http://secunia.com/advisories/22225 http://secunia.com/advisories/22440 http://secunia.com/advisories/22487 http://secunia.com/advisories/23247 http://securitytracker.com/id?1016306 http://support.avaya.com/el •
CVE-2006-3017
https://notcve.org/view.php?id=CVE-2006-3017
zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2 http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/19927 http://secunia.com/advisories/21031 http://secunia.com/advisories/21050 •
CVE-2004-1018 – PHP 3/4/5 - Multiple Local/Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1018
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. ** RECHAZADA ** NO USE ESTE NÚMERO DE CANDIDATA. • https://www.exploit-db.com/exploits/24854 https://www.exploit-db.com/exploits/24855 http://marc.info/?l=bugtraq&m=110314318531298&w=2 http://www.hardened-php.net/advisories/012004.txt http://www.mandriva.com/security/advisories?name=MDKSA-2004:151 http://www.mandriva.com/security/advisories?name=MDKSA-2005:072 http://www.osvdb.org/12411 http://www.php.net/release_4_3_10.php http://www.redhat.com/support/errata/RHSA-2005-032.html http://www.redhat.com/support& •