|
Description
|
|
Multiple vulnerabilities were identified in HP System Management Homepage, which could be exploited by remote attackers to bypass the security restrictions, cause a denial of service, or conduct cross site scripting attacks.
Multiple integer handling errors in PHP may allow attackers to bypass safe mode restrictions, causing a denial of service.
The deserialization code in PHP may allow remote attackers to cause a denial of service.
The addslashes function in PHP does not properly escape a NULL character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements.
When running in safe mode on a multithreaded Linux webserver, may allow local users to bypass "safe_mode_exec_dir" restrictions and execute commands outside of the intended "safe_mode_exec_dir" via shell metacharacters in the current directory name.
The safe mode checks in PHP truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode.
A Buffer overflow error in the "exif_read_data" function in PHP may allow remote attackers to execute arbitrary code via a long section name in an image file.
An input validation error in Namazu could be exploited by attackers to conduct cross site scripting via the "namazu.cgi" script.
|
