CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2008-1734
https://notcve.org/view.php?id=CVE-2008-1734
18 Apr 2008 — Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server. Conflicto ... • http://bugs.gentoo.org/show_bug.cgi?id=209535 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0202
https://notcve.org/view.php?id=CVE-2006-0202
13 Jan 2006 — Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data. • http://secunia.com/advisories/18444 •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2006-0201
https://notcve.org/view.php?id=CVE-2006-0201
13 Jan 2006 — Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php. • http://secunia.com/advisories/18444 •