CVE-2007-5447 – PHP 5.2.4 ionCube - 'ioncube_read_file' Safe Mode / disable_functions Bypass
https://notcve.org/view.php?id=CVE-2007-5447
ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function. ioncube_loader_win_5.2.dll en la extensión ionCube Loader 6.5 para PHP 5.2.4 no sigue las restricciones safe_mode y disable_functions, lo cual permite a atacantes locales o remotos (dependiendo del contexto) evitar las limitaciones pretendidas, como se ha demostrado leyendo archivos de su elección mediante la función ioncube_read_file. • https://www.exploit-db.com/exploits/4517 http://osvdb.org/41708 http://secunia.com/advisories/27178 http://www.securityfocus.com/bid/26024 https://exchange.xforce.ibmcloud.com/vulnerabilities/37227 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-5424
https://notcve.org/view.php?id=CVE-2007-5424
The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled. La funcionalidad deshabilita_funciones de PHP 4 y 5 permite a atacantes remotos evitar restricciones intencionadas al utilizar alias, como se demuestra utilizando ini_alter cuando ini_set está deshabilitado. • http://securityreason.com/securityalert/3216 http://securityvulns.com/news/PHP/alias-pb.html http://securityvulns.ru/Sdocument67.html http://www.securityfocus.com/archive/1/482006/100/0/threaded •
CVE-2007-5128
https://notcve.org/view.php?id=CVE-2007-5128
SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows. SimpNews 2.41.03 en Windows, al utilizar PHP anterior a 5.0.0, permite a atacantes remotos obtener información sensible mediante cierto parámetro link_date a events.php, lo cual revela la ruta en un mensaje de error debido a un tipo de argumento no soportado por la función mktime en Windows. • http://forum.boesch-it.de/viewtopic.php?t=2791 http://securityreason.com/securityalert/3174 http://www.netvigilance.com/advisory0068 http://www.securityfocus.com/archive/1/480588/100/0/threaded • CWE-20: Improper Input Validation •
CVE-2007-4889
https://notcve.org/view.php?id=CVE-2007-4889
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997. La extensión MySQL de PHP 5.2.4 y versiones anteriores permite a atacantes remotos evitar las restricciones safe_mode y open_basedir mediante las funciones MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, y (3) INTO OUTFILE, asunto diferente de CVE-2007-3997. • http://securityreason.com/securityalert/3134 http://www.securityfocus.com/archive/1/479082/100/0/threaded http://www.securityfocus.com/archive/1/479187/100/200/threaded http://www.securityfocus.com/archive/1/479189/100/200/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/36555 •
CVE-2007-4887
https://notcve.org/view.php?id=CVE-2007-4887
The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability. La función dl en PHP 5.2.4 y versiones anteriores permite a atacantes locales o remotos dependientes del contexto provocar una denegación de servicio (caída de aplicación) mediante una cadena larga en el parámetro library. NOTA. Existen escenarios de uso limitado bajo los cuales esto sería una vulnerabilidad. • http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/27102 http://secunia.com/advisories/27659 http://secunia.com/advisories/28750 http://secunia.com/advisories/29420 http://secunia.com/advisories/30040 http://securityreason.com/securityalert/3133 http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242 http: • CWE-20: Improper Input Validation •