|Max CVSS||7.5||Min CVSS||1.2||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
|30-10-2018 - 16:25||12-09-2006 - 16:07|
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_o
|30-10-2018 - 16:25||31-08-2006 - 21:04|
Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not ru
|19-10-2018 - 15:45||08-02-2006 - 00:06|
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate
|11-10-2017 - 01:30||23-08-2005 - 04:00|
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
|20-07-2017 - 01:31||26-06-2006 - 21:05|
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.
|20-07-2017 - 01:31||29-05-2006 - 16:02|
Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption.
|15-09-2010 - 04:54||14-06-2006 - 23:02|
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signatur
|07-01-2009 - 05:00||16-09-2005 - 22:03|