Lucene search
PRIOn knowledge basePRION:CVE-2007-1460HistoryMar 14, 2007 - 6:19 p.m.
Code injection
2007-03-1418:19:00
PRIOn knowledge base
www.prio-n.com
7
The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.
References
docs.info.apple.com/article.html?artnum=306172
lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
secunia.com/advisories/25056
secunia.com/advisories/26235
us2.php.net/releases/4_4_7.php
us2.php.net/releases/5_2_2.php
www.novell.com/linux/security/advisories/2007_32_php.html
www.php-security.org/MOPB/MOPB-20-2007.html
www.securityfocus.com/bid/22954
www.securityfocus.com/bid/25159
www.vupen.com/english/advisories/2007/2732
Related
cvelist
cvelist
CVE-2007-1460
2007-03-14 18:00:00
nvd
nvd
CVE-2007-1460
2007-03-14 18:19:00
redhatcve
redhatcve
CVE-2007-1460
2015-10-30 09:48:00
ubuntucve
ubuntucve
CVE-2007-1460
2007-03-14 00:00:00
cve
cve
CVE-2007-1460
2007-03-14 18:19:00
securityvulns
securityvulns
PHP zip:// URL buffer overflow
2007-03-10 00:00:00
suse
suse
remote code execution in php4,php5
2007-05-23 13:16:49
nessus
nessus
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3289)
2007-10-17 00:00:00
PHP < 4.4.7 / 5.2.2 Multiple Vulnerabilities
2007-05-04 00:00:00
Mac OS X Multiple Vulnerabilities (Security Update 2007-007)
2007-08-02 00:00:00
openvas
openvas
SuSE Update for php4,php5 SUSE-SA:2007:032
2009-01-28 00:00:00
seebug
seebug
Mac OS X 2007-007更新修复多个安全漏洞
2007-08-02 00:00:00