PHP » PHP : Security Vulnerabilities Published In 2005 (Execute Code)
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2005-1042 |
|
|
Exec Code Overflow |
2005-05-02 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count. |
2 |
CVE-2004-1065 |
|
|
Exec Code Overflow |
2005-01-10 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file. |
3 |
CVE-2004-1063 |
|
|
Exec Code Bypass |
2005-01-10 |
2020-12-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. |
4 |
CVE-2004-1019 |
20 |
|
DoS Exec Code |
2005-01-10 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results. |
5 |
CVE-2004-1018 |
|
|
DoS Exec Code Overflow Bypass |
2005-01-10 |
2020-12-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. |
Total number of vulnerabilities :
5
Page :
1
(This Page)