CVSS: 3.6EPSS: 0%CPEs: 4EXPL: 0CVE-2008-1734
https://notcve.org/view.php?id=CVE-2008-1734
Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server. Conflicto de interpretación en PHP Toolkit antes de 1.0.1 en Gentoo Linux podría permitir a usuarios locales provocar una denegación de servicio (Parada PHP) y leer contenidos de secuencias de comandos PHP creando un archivo con un nombre de una letra del alfabeto en minúsculas, lo que dispara la interpretación de cierto argumento [a-z] no entrecomillado como un intérprete de comandos glob coincidente para este nombre, mejor que una interpretación como la cadena de expresión regular [a-z] literal y consecuentemente bloquea el lanzamiento del intérprete PHP del Servidor Apache HTTP. • http://bugs.gentoo.org/show_bug.cgi?id=209535 http://security.gentoo.org/glsa/glsa-200804-19.xml http://www.securityfocus.com/bid/28844 https://exchange.xforce.ibmcloud.com/vulnerabilities/41928 • CWE-20: Improper Input Validation •
CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0202
https://notcve.org/view.php?id=CVE-2006-0202
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data. • http://secunia.com/advisories/18444 http://www.osvdb.org/22379 http://www.securityfocus.com/archive/1/421739 http://www.securityfocus.com/bid/16218 http://www.uinc.ru/articles/vuln/ptpaypal050.shtml http://www.vupen.com/english/advisories/2006/0183 •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 0CVE-2006-0201
https://notcve.org/view.php?id=CVE-2006-0201
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php. • http://secunia.com/advisories/18444 http://www.osvdb.org/22378 http://www.securityfocus.com/archive/1/421739 http://www.securityfocus.com/bid/16218 http://www.uinc.ru/articles/vuln/ptpaypal050.shtml http://www.vupen.com/english/advisories/2006/0183 •