Computer Security
[EN] no-pyccku

PHP Safe Mode protection bypass
SecurityVulns ID:6597
Threat Level:
Description:By usgin ini_restore function it's possible to clear safe_mode variable.
Affected:PHP : PHP 4.4
 PHP : PHP 5.1
 PHP : PHP 5.2
Original documentdocumentMaksymilian Arciemowicz, PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() (11.09.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 11.09.2006
SecurityVulns ID:6598
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:PHPBB : phpBB 2.0
 OPENBB : OpenBB 1.0
 PUNBB : PunBB 1.2
 XHP : XHP CMS 0.5
 SIMPLEBOARD : SimpleBoard 1.1
 VCAP : vCAP 1.9
 WEBSERVERCREATOR : Web Server Creator 0.1
 VIKINGBOARD : Vikingboard 0.1
 PHPATM : PHP Advanced Transfer Manager 1.20
 PUMA : PUMA 1.0
Original documentdocumentSHANKAR, уязвимости во многих популярных движках из за некоректной работы файловых функций языка PHP (12.09.2006)
 documentcdg393, [Full-disclosure] PHProg : Local File Inclusion + XSS + Full path disclosure (11.09.2006)
 documentcdg393, [Full-disclosure] KorviBlog - XSS permanent ! (11.09.2006)
 documentali_(at), Multible injections and vulnerabilities in Jetbox CMS (11.09.2006)
 documentali_(at), text ads xss attack (11.09.2006)
 documentl0x3_(at), Open Bulletin Board <= 1.0.8 (root_path) File Include Vulnerability (11.09.2006)
 documentphilipp.niedziela_(at), PUMA 1.0 RC 2 (config.php) Remote File Inclusion (11.09.2006)
 documentl0x3_(at), PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities (11.09.2006)
 documentHACKERS PAL, MagpieRSS (a simple RSS integration tool) Full path vul (11.09.2006)
 documentt3rr0r1st_(at), VirtueMart (11.09.2006)
 documentHessam Salehi, Vikingboard 0.1b Multiple Vulnerabilities (11.09.2006)
 documentHACKERS PAL, XHP CMS v0.5.1 Vuls Xss and Full path vuls (11.09.2006)
 documentx0r0n_(at), Web Server Creator v0.1 (l) Remote Include Vulnerability (11.09.2006)
 documentstormhacker_(at), SimpleBoard Mambo Component 1.1.0 Remote File Include (11.09.2006)
 documentSHANKAR, multiple PHP application poison NULL byte vulnerability (11.09.2006)
 documentsecurma massine, vCAP calendar server Multiple vulnerabilities (11.09.2006)
Files:Exploits phpBB poison NULL byte with avatar
 Exploit punBB NULL poisoning vulnerability

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod