Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities found for zend_platform by zend
CVE-2007-1369 (GCVE-0-2007-1369)
Vulnerability from nvd – Published: 2007-03-09 22:00 – Updated: 2024-08-07 12:50
VLAI
EPSS
VEX
Summary
ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://osvdb.org/33930 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/0829 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/22802 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/24501 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/32773 | vdb-entryx_refsource_OSVDB |
| http://www.php-security.org/MOPB/BONUS-07-2007.html | x_refsource_MISC |
| http://www.zend.com/products/zend_platform/securi… | x_refsource_CONFIRM |
Date Public
2007-01-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:35.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33930",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33930"
},
{
"name": "ADV-2007-0829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0829"
},
{
"name": "22802",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22802"
},
{
"name": "24501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24501"
},
{
"name": "zend-inimodifier-privilege-escalation(32820)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32820"
},
{
"name": "32773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32773"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.php-security.org/MOPB/BONUS-07-2007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zend.com/products/zend_platform/security_vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33930",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33930"
},
{
"name": "ADV-2007-0829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0829"
},
{
"name": "22802",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22802"
},
{
"name": "24501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24501"
},
{
"name": "zend-inimodifier-privilege-escalation(32820)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32820"
},
{
"name": "32773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32773"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.php-security.org/MOPB/BONUS-07-2007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zend.com/products/zend_platform/security_vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33930",
"refsource": "OSVDB",
"url": "http://osvdb.org/33930"
},
{
"name": "ADV-2007-0829",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0829"
},
{
"name": "22802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22802"
},
{
"name": "24501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24501"
},
{
"name": "zend-inimodifier-privilege-escalation(32820)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32820"
},
{
"name": "32773",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32773"
},
{
"name": "http://www.php-security.org/MOPB/BONUS-07-2007.html",
"refsource": "MISC",
"url": "http://www.php-security.org/MOPB/BONUS-07-2007.html"
},
{
"name": "http://www.zend.com/products/zend_platform/security_vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.zend.com/products/zend_platform/security_vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1369",
"datePublished": "2007-03-09T22:00:00.000Z",
"dateReserved": "2007-03-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:50:35.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1370 (GCVE-0-2007-1370)
Vulnerability from nvd – Published: 2007-03-09 22:00 – Updated: 2024-08-07 12:50
VLAI
EPSS
VEX
Summary
Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.php-security.org/MOPB/BONUS-06-2007.html | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2007/0829 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/32772 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/22801 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/24501 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.zend.com/products/zend_platform/securi… | x_refsource_CONFIRM |
Date Public
2007-01-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:34.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.php-security.org/MOPB/BONUS-06-2007.html"
},
{
"name": "ADV-2007-0829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0829"
},
{
"name": "32772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32772"
},
{
"name": "22801",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22801"
},
{
"name": "24501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24501"
},
{
"name": "zend-scd-privilege-escalation(32825)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32825"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zend.com/products/zend_platform/security_vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.php-security.org/MOPB/BONUS-06-2007.html"
},
{
"name": "ADV-2007-0829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0829"
},
{
"name": "32772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32772"
},
{
"name": "22801",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22801"
},
{
"name": "24501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24501"
},
{
"name": "zend-scd-privilege-escalation(32825)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32825"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zend.com/products/zend_platform/security_vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.php-security.org/MOPB/BONUS-06-2007.html",
"refsource": "MISC",
"url": "http://www.php-security.org/MOPB/BONUS-06-2007.html"
},
{
"name": "ADV-2007-0829",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0829"
},
{
"name": "32772",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32772"
},
{
"name": "22801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22801"
},
{
"name": "24501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24501"
},
{
"name": "zend-scd-privilege-escalation(32825)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32825"
},
{
"name": "http://www.zend.com/products/zend_platform/security_vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.zend.com/products/zend_platform/security_vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1370",
"datePublished": "2007-03-09T22:00:00.000Z",
"dateReserved": "2007-03-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:50:34.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4432 (GCVE-0-2006-4432)
Vulnerability from nvd – Published: 2006-08-29 00:00 – Updated: 2024-08-07 19:06
VLAI
EPSS
VEX
Summary
Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/444263/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/28232 | vdb-entryx_refsource_OSVDB |
| http://securityreason.com/securityalert/1466 | third-party-advisoryx_refsource_SREASON |
| http://www.hardened-php.net/advisory_052006.128.html | x_refsource_MISC |
| http://secunia.com/advisories/21573 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/3388 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/444263/100/0/threaded"
},
{
"name": "28232",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28232"
},
{
"name": "1466",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1466"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hardened-php.net/advisory_052006.128.html"
},
{
"name": "21573",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21573"
},
{
"name": "ADV-2006-3388",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3388"
},
{
"name": "zend-zendsession-directory-traversal(28576)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28576"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/444263/100/0/threaded"
},
{
"name": "28232",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28232"
},
{
"name": "1466",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1466"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hardened-php.net/advisory_052006.128.html"
},
{
"name": "21573",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21573"
},
{
"name": "ADV-2006-3388",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3388"
},
{
"name": "zend-zendsession-directory-traversal(28576)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28576"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444263/100/0/threaded"
},
{
"name": "28232",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28232"
},
{
"name": "1466",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1466"
},
{
"name": "http://www.hardened-php.net/advisory_052006.128.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_052006.128.html"
},
{
"name": "21573",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21573"
},
{
"name": "ADV-2006-3388",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3388"
},
{
"name": "zend-zendsession-directory-traversal(28576)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28576"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4432",
"datePublished": "2006-08-29T00:00:00.000Z",
"dateReserved": "2006-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:06:07.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4431 (GCVE-0-2006-4431)
Vulnerability from nvd – Published: 2006-08-29 00:00 – Updated: 2024-08-07 19:06
VLAI
EPSS
VEX
Summary
Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/28231 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/28230 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/444263/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/1466 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/19692 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://marc.info/?l=full-disclosure&m=11564224822… | mailing-listx_refsource_FULLDISC |
| http://www.hardened-php.net/advisory_052006.128.html | x_refsource_MISC |
| http://secunia.com/advisories/21573 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/3388 | vdb-entryx_refsource_VUPEN |
Date Public
2006-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28231",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28231"
},
{
"name": "28230",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28230"
},
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/444263/100/0/threaded"
},
{
"name": "1466",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1466"
},
{
"name": "19692",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19692"
},
{
"name": "zend-modcluster-bo(28573)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28573"
},
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115642248226217\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hardened-php.net/advisory_052006.128.html"
},
{
"name": "21573",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21573"
},
{
"name": "ADV-2006-3388",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3388"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28231",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28231"
},
{
"name": "28230",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28230"
},
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/444263/100/0/threaded"
},
{
"name": "1466",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1466"
},
{
"name": "19692",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19692"
},
{
"name": "zend-modcluster-bo(28573)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28573"
},
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115642248226217\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hardened-php.net/advisory_052006.128.html"
},
{
"name": "21573",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21573"
},
{
"name": "ADV-2006-3388",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3388"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28231",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28231"
},
{
"name": "28230",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28230"
},
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444263/100/0/threaded"
},
{
"name": "1466",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1466"
},
{
"name": "19692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19692"
},
{
"name": "zend-modcluster-bo(28573)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28573"
},
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=115642248226217\u0026w=2"
},
{
"name": "http://www.hardened-php.net/advisory_052006.128.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_052006.128.html"
},
{
"name": "21573",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21573"
},
{
"name": "ADV-2006-3388",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3388"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4431",
"datePublished": "2006-08-29T00:00:00.000Z",
"dateReserved": "2006-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:06:07.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1369 (GCVE-0-2007-1369)
Vulnerability from cvelistv5 – Published: 2007-03-09 22:00 – Updated: 2024-08-07 12:50
VLAI
EPSS
VEX
Summary
ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://osvdb.org/33930 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/0829 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/22802 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/24501 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/32773 | vdb-entryx_refsource_OSVDB |
| http://www.php-security.org/MOPB/BONUS-07-2007.html | x_refsource_MISC |
| http://www.zend.com/products/zend_platform/securi… | x_refsource_CONFIRM |
Date Public
2007-01-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:35.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33930",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33930"
},
{
"name": "ADV-2007-0829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0829"
},
{
"name": "22802",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22802"
},
{
"name": "24501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24501"
},
{
"name": "zend-inimodifier-privilege-escalation(32820)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32820"
},
{
"name": "32773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32773"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.php-security.org/MOPB/BONUS-07-2007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zend.com/products/zend_platform/security_vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33930",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33930"
},
{
"name": "ADV-2007-0829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0829"
},
{
"name": "22802",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22802"
},
{
"name": "24501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24501"
},
{
"name": "zend-inimodifier-privilege-escalation(32820)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32820"
},
{
"name": "32773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32773"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.php-security.org/MOPB/BONUS-07-2007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zend.com/products/zend_platform/security_vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33930",
"refsource": "OSVDB",
"url": "http://osvdb.org/33930"
},
{
"name": "ADV-2007-0829",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0829"
},
{
"name": "22802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22802"
},
{
"name": "24501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24501"
},
{
"name": "zend-inimodifier-privilege-escalation(32820)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32820"
},
{
"name": "32773",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32773"
},
{
"name": "http://www.php-security.org/MOPB/BONUS-07-2007.html",
"refsource": "MISC",
"url": "http://www.php-security.org/MOPB/BONUS-07-2007.html"
},
{
"name": "http://www.zend.com/products/zend_platform/security_vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.zend.com/products/zend_platform/security_vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1369",
"datePublished": "2007-03-09T22:00:00.000Z",
"dateReserved": "2007-03-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:50:35.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1370 (GCVE-0-2007-1370)
Vulnerability from cvelistv5 – Published: 2007-03-09 22:00 – Updated: 2024-08-07 12:50
VLAI
EPSS
VEX
Summary
Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.php-security.org/MOPB/BONUS-06-2007.html | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2007/0829 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/32772 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/22801 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/24501 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.zend.com/products/zend_platform/securi… | x_refsource_CONFIRM |
Date Public
2007-01-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:34.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.php-security.org/MOPB/BONUS-06-2007.html"
},
{
"name": "ADV-2007-0829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0829"
},
{
"name": "32772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32772"
},
{
"name": "22801",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22801"
},
{
"name": "24501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24501"
},
{
"name": "zend-scd-privilege-escalation(32825)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32825"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zend.com/products/zend_platform/security_vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.php-security.org/MOPB/BONUS-06-2007.html"
},
{
"name": "ADV-2007-0829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0829"
},
{
"name": "32772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32772"
},
{
"name": "22801",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22801"
},
{
"name": "24501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24501"
},
{
"name": "zend-scd-privilege-escalation(32825)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32825"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zend.com/products/zend_platform/security_vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.php-security.org/MOPB/BONUS-06-2007.html",
"refsource": "MISC",
"url": "http://www.php-security.org/MOPB/BONUS-06-2007.html"
},
{
"name": "ADV-2007-0829",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0829"
},
{
"name": "32772",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32772"
},
{
"name": "22801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22801"
},
{
"name": "24501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24501"
},
{
"name": "zend-scd-privilege-escalation(32825)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32825"
},
{
"name": "http://www.zend.com/products/zend_platform/security_vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.zend.com/products/zend_platform/security_vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1370",
"datePublished": "2007-03-09T22:00:00.000Z",
"dateReserved": "2007-03-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:50:34.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4432 (GCVE-0-2006-4432)
Vulnerability from cvelistv5 – Published: 2006-08-29 00:00 – Updated: 2024-08-07 19:06
VLAI
EPSS
VEX
Summary
Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/444263/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/28232 | vdb-entryx_refsource_OSVDB |
| http://securityreason.com/securityalert/1466 | third-party-advisoryx_refsource_SREASON |
| http://www.hardened-php.net/advisory_052006.128.html | x_refsource_MISC |
| http://secunia.com/advisories/21573 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/3388 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/444263/100/0/threaded"
},
{
"name": "28232",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28232"
},
{
"name": "1466",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1466"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hardened-php.net/advisory_052006.128.html"
},
{
"name": "21573",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21573"
},
{
"name": "ADV-2006-3388",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3388"
},
{
"name": "zend-zendsession-directory-traversal(28576)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28576"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/444263/100/0/threaded"
},
{
"name": "28232",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28232"
},
{
"name": "1466",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1466"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hardened-php.net/advisory_052006.128.html"
},
{
"name": "21573",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21573"
},
{
"name": "ADV-2006-3388",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3388"
},
{
"name": "zend-zendsession-directory-traversal(28576)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28576"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444263/100/0/threaded"
},
{
"name": "28232",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28232"
},
{
"name": "1466",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1466"
},
{
"name": "http://www.hardened-php.net/advisory_052006.128.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_052006.128.html"
},
{
"name": "21573",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21573"
},
{
"name": "ADV-2006-3388",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3388"
},
{
"name": "zend-zendsession-directory-traversal(28576)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28576"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4432",
"datePublished": "2006-08-29T00:00:00.000Z",
"dateReserved": "2006-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:06:07.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4431 (GCVE-0-2006-4431)
Vulnerability from cvelistv5 – Published: 2006-08-29 00:00 – Updated: 2024-08-07 19:06
VLAI
EPSS
VEX
Summary
Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/28231 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/28230 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/444263/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/1466 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/19692 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://marc.info/?l=full-disclosure&m=11564224822… | mailing-listx_refsource_FULLDISC |
| http://www.hardened-php.net/advisory_052006.128.html | x_refsource_MISC |
| http://secunia.com/advisories/21573 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/3388 | vdb-entryx_refsource_VUPEN |
Date Public
2006-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28231",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28231"
},
{
"name": "28230",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28230"
},
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/444263/100/0/threaded"
},
{
"name": "1466",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1466"
},
{
"name": "19692",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19692"
},
{
"name": "zend-modcluster-bo(28573)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28573"
},
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115642248226217\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hardened-php.net/advisory_052006.128.html"
},
{
"name": "21573",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21573"
},
{
"name": "ADV-2006-3388",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3388"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28231",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28231"
},
{
"name": "28230",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28230"
},
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/444263/100/0/threaded"
},
{
"name": "1466",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1466"
},
{
"name": "19692",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19692"
},
{
"name": "zend-modcluster-bo(28573)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28573"
},
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115642248226217\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hardened-php.net/advisory_052006.128.html"
},
{
"name": "21573",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21573"
},
{
"name": "ADV-2006-3388",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3388"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28231",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28231"
},
{
"name": "28230",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28230"
},
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444263/100/0/threaded"
},
{
"name": "1466",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1466"
},
{
"name": "19692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19692"
},
{
"name": "zend-modcluster-bo(28573)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28573"
},
{
"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=115642248226217\u0026w=2"
},
{
"name": "http://www.hardened-php.net/advisory_052006.128.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_052006.128.html"
},
{
"name": "21573",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21573"
},
{
"name": "ADV-2006-3388",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3388"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4431",
"datePublished": "2006-08-29T00:00:00.000Z",
"dateReserved": "2006-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:06:07.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}