Page 74 of 430 results (0.019 seconds)

CVSS: 7.5EPSS: 3%CPEs: 65EXPL: 0

CVE-2006-4433

https://notcve.org/view.php?id=CVE-2006-4433

PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file. NOTE: it could be argued that this not a vulnerability in PHP itself, rather a design limitation that enables certain attacks against session handlers that do not account for this limitation. PHP anterior a 4.4.3 y 5.x anterior a 5.1.4 no limita el conjunto de caracteres del identificador de sesión (PHPSESSID) para manejadores de sesión de terceros, lo cual puede hacer más fácil a atacantes remotos explotar otras vulnerabilidades insertando código PHP en el PHPSESSID, que es guardado en el fichero de sesión. NOTA: puede ser argumentado que no es una vulnerabilidad en PHP en si misma, sino más bien una limitación de diseño que habilita ciertos ataques sobre manejadores de sesión que no tienen en cuenta esta limitación. • http://secunia.com/advisories/21573 http://securityreason.com/securityalert/1466 http://www.hardened-php.net/advisory_052006.128.html http://www.osvdb.org/28233 http://www.osvdb.org/28273 http://www.securityfocus.com/archive/1/444263/100/0/threaded http://www.vupen.com/english/advisories/2006/3388 •

CVSS: 4.6EPSS: 0%CPEs: 67EXPL: 4

CVE-2006-4020 – PHP 4.4.3/5.1.4 - 'sscanf' Local Buffer Overflow

https://notcve.org/view.php?id=CVE-2006-4020

scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read. scanf.c en PHP 5.1.4 y anteriores, y 4.4.3 y anteriores, permite a atacantes (locales o remotos dependiendo del contexto) ejecutar código de su elección mediante una llamada a la función sscanf de PHP que realiza un intercambio de argumentos que incrementa un índice más allá del final de un array y dispara una lectura de búfer fuera de límite. • https://www.exploit-db.com/exploits/2193 ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://bugs.php.net/bug.php?id=38322 http://rhn.redhat.com/errata/RHSA-2006-0688.html http://rhn.redhat.com/errata/RHSA-2006-0736.html http://secunia.com/advisories/21403 http://secunia.com/advisories/21467 http://secunia.com/advisories/21546 http://secunia.com/advisories/21608 http://secunia.com/advisories/21683 http://secunia.com/advisories/21768 h •

CVSS: 4.6EPSS: 0%CPEs: 77EXPL: 2

CVE-2006-3011 – PHP 5.2.6 - 'error_log' Safe_mode Bypass

https://notcve.org/view.php?id=CVE-2006-3011

The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode. La función error_log en basic_functions.c en PHP anterior v4.4.4 y v5.x anterior v5.1.5 permite a usuarios locales superar el modo de seguridad y las restricciones open_basedir a través de un "php://" u otros esquemas en el tercer argumento, que deshabilitan el modo seguro. • https://www.exploit-db.com/exploits/7171 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?diff_format=u&view=log&pathrev=PHP_4_4 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10&pathrev=PHP_4_4&diff_format=u http://secunia.com/advisories/20818 http://secunia.com/advisories/21050 http://secunia.com/advisories/21125 http://secunia.com/advisories/21546 http://securityreason.com/ • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 5%CPEs: 85EXPL: 0

CVE-2006-3017

https://notcve.org/view.php?id=CVE-2006-3017

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2 http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/19927 http://secunia.com/advisories/21031 http://secunia.com/advisories/21050 •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0

CVE-2006-3018

https://notcve.org/view.php?id=CVE-2006-3018

Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption. Vulnerabilidad no especificada en la funcionalidad de extensión de sesión en PHP anterior a la versión 5.1.3 tiene un impacto y vectores de ataque desconocidos, relacionados con una corrupción de memoria dinámica. • http://secunia.com/advisories/19927 http://secunia.com/advisories/21050 http://secunia.com/advisories/21125 http://securitytracker.com/id?1016306 http://www.mandriva.com/security/advisories?name=MDKSA-2006:122 http://www.osvdb.org/25254 http://www.php.net/release_5_1_3.php http://www.securityfocus.com/bid/17843 http://www.ubuntu.com/usn/usn-320-1 •