Searching safe mode software vulnerabilities

PHP3 with safe_mode enabled does not properly f

metacharacters | attackers | safe_mode | commands | executed | properly | enabled | execute | remote | filter | could | allow | which | shell | popen | PHP3 | does | not |

PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.


The php_check_safe_mode_include_dir function in

php_check_safe_mode_include_dir | fopen_wrappersc | function | success | returns | value | PHP | 43x |

The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.


PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when ru

PHP |

PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.


The safe mode checks in PHP 4.x to 4.3.9 and PH

checks | mode | safe | PHP |

The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.


The exec_dir PHP patch (php-exec-dir) 4.3.2 thr

exec_dir | patch | PHP |

The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.


Multiple vulnerabilities in PHP before 4.4.1 al

vulnerabilities | Multiple | before | PHP |

Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.


Unspecified vulnerability in PHP before 4.4.1,

vulnerability | Unspecified | before | PHP |

Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.


The copy function in file.c in PHP 4.4.2 and 5.

function | filec | copy | PHP |

The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.


The cURL library (libcurl) in PHP 4.4.2 and 5.1

library | cURL |

The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.


The error_log function in basic_functions.c in

basic_functionsc | error_log | function | before | PHP |

The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.


The (1) file_exists and (2) imap_reopen functio


The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017.


The cURL extension files (1) ext/curl/interface

extension | files | cURL |

The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.


PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allow

PHP |

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.


PHP 5.2.0 and 4.4 allows local users to bypass

PHP |

PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.


The fopen function in PHP 5.2.0 does not proper

function | fopen | PHP |

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.


PHP before 5.2.1 allows attackers to bypass saf

before | PHP |

PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.


The win32std extension in PHP 5.2.3 does not fo

extension | win32std | PHP |

The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.


Multiple unspecified vulnerabilities in Intersp

vulnerabilities | ArticleLive | unspecified | Interspire | Multiple | before |

Multiple unspecified vulnerabilities in Interspire ArticleLive NX before 1.7.1.2 have unknown impact and attack vectors, possibly related to (1) AL_SANITIZE and (2) "Calling the constructor to make sure things are checked, safe mode, etc."


The perl extension in PHP does not follow safe_

context-dependent | restrictions | attackers | safe_mode | arbitrary | extension | function | execute | allows | follow | which | eval | code | perl | does | via | not | PHP |

The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.


The MySQL extension in PHP 5.2.4 and earlier al

extension | MySQL | PHP |

The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.


Software vulnerabilities results 1 to 20 of 292     
Page: 12345...15