Page 74 of 401 results (0.011 seconds)

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 2

CVE-2006-4023

https://notcve.org/view.php?id=CVE-2006-4023

The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner. La función ip2long en PHP 5.1.4 y anteriores puede validar incorrectamente una cadena de su elección y devolver una dirección IP, la cual permite a atacantes remotos obtener información y facilitar otros ataques, como se demostró usando inyección SQL en la cabecera X-FORWARDED-FOR en index.php en MiniBB 2.0. NOTA: podría discutirse que el funcionamiento ip2long representa un riesgo para los asuntos de seguridad relevantes en la medida que es similar al papel de los strcpy en el desbordamiento de búfer, en cuyo caso esto podría ser un tipo de bug de implementación que requeriría separar los asuntos CVE para cada aplicación PHP que utiliza ip2long en una manera se seguridad relevante. • http://retrogod.altervista.org/php_ip2long.htm http://securitytracker.com/id?1016609 http://www.securityfocus.com/archive/1/441529/100/100/threaded http://www.securityfocus.com/archive/1/441708/100/100/threaded •

CVSS: 4.6EPSS: 0%CPEs: 67EXPL: 4

CVE-2006-4020 – PHP 4.4.3/5.1.4 - 'sscanf' Local Buffer Overflow

https://notcve.org/view.php?id=CVE-2006-4020

scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read. scanf.c en PHP 5.1.4 y anteriores, y 4.4.3 y anteriores, permite a atacantes (locales o remotos dependiendo del contexto) ejecutar código de su elección mediante una llamada a la función sscanf de PHP que realiza un intercambio de argumentos que incrementa un índice más allá del final de un array y dispara una lectura de búfer fuera de límite. • https://www.exploit-db.com/exploits/2193 ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://bugs.php.net/bug.php?id=38322 http://rhn.redhat.com/errata/RHSA-2006-0688.html http://rhn.redhat.com/errata/RHSA-2006-0736.html http://secunia.com/advisories/21403 http://secunia.com/advisories/21467 http://secunia.com/advisories/21546 http://secunia.com/advisories/21608 http://secunia.com/advisories/21683 http://secunia.com/advisories/21768 h •

CVSS: 4.6EPSS: 0%CPEs: 77EXPL: 2

CVE-2006-3011 – PHP 5.2.6 - 'error_log' Safe_mode Bypass

https://notcve.org/view.php?id=CVE-2006-3011

The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode. La función error_log en basic_functions.c en PHP anterior v4.4.4 y v5.x anterior v5.1.5 permite a usuarios locales superar el modo de seguridad y las restricciones open_basedir a través de un "php://" u otros esquemas en el tercer argumento, que deshabilitan el modo seguro. • https://www.exploit-db.com/exploits/7171 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?diff_format=u&view=log&pathrev=PHP_4_4 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10&pathrev=PHP_4_4&diff_format=u http://secunia.com/advisories/20818 http://secunia.com/advisories/21050 http://secunia.com/advisories/21125 http://secunia.com/advisories/21546 http://securityreason.com/ • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 5%CPEs: 85EXPL: 0

CVE-2006-3017

https://notcve.org/view.php?id=CVE-2006-3017

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2 http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/19927 http://secunia.com/advisories/21031 http://secunia.com/advisories/21050 •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0

CVE-2006-3018

https://notcve.org/view.php?id=CVE-2006-3018

Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption. Vulnerabilidad no especificada en la funcionalidad de extensión de sesión en PHP anterior a la versión 5.1.3 tiene un impacto y vectores de ataque desconocidos, relacionados con una corrupción de memoria dinámica. • http://secunia.com/advisories/19927 http://secunia.com/advisories/21050 http://secunia.com/advisories/21125 http://securitytracker.com/id?1016306 http://www.mandriva.com/security/advisories?name=MDKSA-2006:122 http://www.osvdb.org/25254 http://www.php.net/release_5_1_3.php http://www.securityfocus.com/bid/17843 http://www.ubuntu.com/usn/usn-320-1 •