CVE-2006-6383

EPSS 0.53% · P68

Public Exploits 1

ExploitDB · 1 EDB-29239 [local]

I. Basic Information for CVE-2006-6383

Vulnerability Information


Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
PHP session.save_path() Function safe_mode and open_basedir Security Restriction Bypass Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
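PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. A vulnerability exists in PHP's implementation of the functions that handle session information; a remote attacker could exploit it to read sensitive information or write files to unauthorized locations. The session_save_path() function, which sets the path where sessions are saved, can be defined in PHP's ini_set(). session.save_path must contain a path for saving tmp files, but the syntax of session.save_path may be: [/PATH] or [N;/PATH], where N can be a string. For example: 1. session_sa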
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor · Product · Affected Versions · CPE
-n/a n/a -

II. Public POCs for CVE-2006-6383


No public POC found.


III. Intelligence Information for CVE-2006-6383


Same Patch Batch · n/a · 2006-12-10 · 57 CVEs total

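CVE-2006-6438 Xerox WorkCentre and WorkCentre Pro "Immediate Image Overwrite (IIO)" Information Disclosure Vulnerability
CVE-2006-6410 VMWare ActiveX Control Initialize Function Buffer Overflow Vulnerability
CVE-2006-6405 BitDefender Mail Protection MIME File Security Bypass Vulnerability
CVE-2006-6408 Kaspersky Anti-Virus MIME File Security Bypass Vulnerability
CVE-2006-6407 F-Prot Antivirus multipart/mixed MIME File Security Bypass Vulnerability
CVE-2006-6406 Clam AntiVirus MIME File Security Bypass Vulnerability
CVE-2006-6409 F-Secure Anti-Virus for Linux Gateways multipart/mixed MIME File Security Bypass Vulnerability
CVE-2006-6441 Xerox WorkCentre and WorkCentre Pro Alchemy Security Bypass Vulnerability
CVE-2006-6440 Xerox WorkCentre and WorkCentre Pro Unspecified HTTP Security Vulnerability
CVE-2006-6439 Xerox WorkCentre and WorkCentre Pro Unspecified Sensitive Information Disclosure Vulnerability
CVE-2006-6442 America Online CDDBControl ActiveX Control Buffer Overflow Vulnerability
CVE-2006-6437 ops3-dmn in Xerox WorkCentre and WorkCentre Pro Denial of Service Vulnerability
CVE-2006-6436 Xerox WorkCentre and WorkCentre Pro Network Controller Cross-Site Scripting Vulnerability
CVE-2006-6435 Xerox WorkCentre and WorkCentre Pro Authentication Sensitive Information Disclosure Vulnerability
CVE-2006-6434 Xerox WorkCentre and WorkCentre Pro Unspecified Security Bypass Vulnerability
CVE-2006-6433 Xerox WorkCentre and WorkCentre Pro Timestamp Security Bypass Vulnerability
CVE-2006-6432 Xerox WorkCentre and WorkCentre Pro Scan-to-mailbox Unspecified Download Vulnerability
CVE-2006-6431 Xerox WorkCentre and WorkCentre Pro Unspecified Email Message Signature Vulnerability
CVE-2006-6430 Xerox WorkCentre and WorkCentre Pro HTTP Data Stream Sensitive Information Disclosure Vulnerability
CVE-2006-6429 Xerox WorkCentre and WorkCentre Pro TFTP/BOOTP Specific Configuration Setting Vulnerability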

Showing top 20 of 57 CVEs.
