CVE-2005-3391
- EPSS 6.9%
- Veröffentlicht 01.11.2005 12:47:00
- Zuletzt bearbeitet 16.06.2026 22:16:52
Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.
CVE-2005-3392
- EPSS 6.9%
- Veröffentlicht 01.11.2005 12:47:00
- Zuletzt bearbeitet 16.06.2026 22:16:52
Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
CVE-2005-3319
- EPSS 0.59%
- Veröffentlicht 27.10.2005 10:02:00
- Zuletzt bearbeitet 16.06.2026 22:16:43
The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file ...
CVE-2005-3054
- EPSS 0.43%
- Veröffentlicht 26.09.2005 19:03:00
- Zuletzt bearbeitet 16.06.2026 22:16:09
fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directori...
- EPSS 3.45%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:11:17
The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value.
- EPSS 2.81%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:11:17
The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which c...
CVE-2005-0596
- EPSS 0.38%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:11:25
PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size.
CVE-2005-1042
- EPSS 4.02%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:12:19
Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count.
- EPSS 1.93%
- Veröffentlicht 14.04.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:12:19
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.
- EPSS 16.16%
- Veröffentlicht 10.01.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:51
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underfl...