Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2005-3883 | 5.0 |
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
|
30-10-2018 - 16:25 | 29-11-2005 - 11:03 | |
CVE-2005-3389 | 5.0 |
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting,
|
30-10-2018 - 16:25 | 01-11-2005 - 12:47 | |
CVE-2005-3392 | 7.5 |
Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
|
30-10-2018 - 16:25 | 01-11-2005 - 12:47 | |
CVE-2005-3390 | 7.5 |
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST reque
|
30-10-2018 - 16:25 | 01-11-2005 - 12:47 | |
CVE-2005-3391 | 7.5 |
Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.
|
30-10-2018 - 16:25 | 01-11-2005 - 12:47 | |
CVE-2005-3353 | 5.0 |
The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image.
|
30-10-2018 - 16:25 | 18-11-2005 - 23:03 |