all things security
Showing 1 - 5 of 5 RSS Feed

CVE-2007-4850

Status Candidate

Overview

curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a x00 sequence, a different vulnerability than CVE-2006-2563.

Related Files

Mandriva Linux Security Advisory 2009-065
Posted Mar 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-065 - A vulnerability in the cURL library in PHP allowed context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files using a special URL request. Improved mbfl_filt_conv_html_dec_flush() error handling in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c. PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within.htaccess, which causes this setting to be applied to other virtual hosts on the same server. The updated packages have been patched to correct these issues.

tags | advisory, web, arbitrary, local, php
systems | linux, mandriva
advisories | CVE-2007-4850, CVE-2008-5557, CVE-2009-0754
MD5 | b5657a2c544b315ad3778fb35d9e5763
Mandriva Linux Security Advisory 2009-023
Posted Jan 23, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-023 - Denial of service, bypass, and various buffer overflows have been addressed in the php package.

tags | advisory, denial of service, overflow, php
systems | linux, mandriva
advisories | CVE-2007-4782, CVE-2007-4850, CVE-2008-1384, CVE-2008-2050, CVE-2008-2371, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498
MD5 | 2245b4abadd1d12bf9d0d208602b96d8
Mandriva Linux Security Advisory 2009-022
Posted Jan 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-022 - Denial of service, bypass, integer overflow, and stack overflow vulnerabilities have been addressed in php.

tags | advisory, denial of service, overflow, php, vulnerability
systems | linux, mandriva
advisories | CVE-2007-4782, CVE-2007-4850, CVE-2008-1384, CVE-2008-2050, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498
MD5 | 4040d8559ccadb70d4465b917a6859ae
Ubuntu Security Notice 628-1
Posted Jul 23, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 628-1 - Over a dozen vulnerabilities in php5 have been addressed in Ubuntu.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-4782, CVE-2007-4850, CVE-2007-5898, CVE-2007-5899, CVE-2008-0599, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108, CVE-2008-2371, CVE-2008-2829
MD5 | 6cd6d0407e8f8ffd96589e18817d582e
php525-curlbypass.txt
Posted Jan 24, 2008
Authored by Maksymilian Arciemowicz | Site securityreason.com

PHP versions 5.2.5 and 5.2.4 suffer from a cURL related safe_mode bypass vulnerability.

tags | advisory, php, bypass
advisories | CVE-2007-4850
MD5 | 9f0eaac366a2442411000be5a1a87977
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close