CVE search results

61 – 70 of 81 results

Detailed view

Sort by:

CVE-2005-3388

Unknown priority

Fixed

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a “stacked array assignment.”

2 affected packages

php4, php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php4	—	—	—	—
php5	—	—	—	—

CVE-2005-3319

Unknown priority

Fixed

The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option...

2 affected packages

php4, php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php4	—	—	—	—
php5	—	—	—	—

CVE-2005-3054

Unknown priority

Fixed

fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access...

2 affected packages

php4, php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php4	—	—	—	—
php5	—	—	—	—

CVE-2005-2498

Medium priority

Some fixes available 17 of 18

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary...

5 affected packages

drupal, egroupware, php4, php5, phpgroupware

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
drupal	—	—	—	—
egroupware	—	—	—	—
php4	—	—	—	—
php5	—	—	—	—
phpgroupware	—	—	—	—

CVE-2005-1921

Unknown priority

Fixed

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4)...

4 affected packages

egroupware, php4, php5, phpwiki

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
egroupware	—	—	—	—
php4	—	—	—	—
php5	—	—	—	—
phpwiki	—	—	—	—

CVE-2005-1759

Unknown priority

Fixed

Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751.

3 affected packages

php4, php5, shtool

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php4	—	—	—	—
php5	—	—	—	—
shtool	—	—	—	—

CVE-2005-1751

Unknown priority

Fixed

Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.

4 affected packages

mysql-ocaml, php4, php5, shtool

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mysql-ocaml	—	—	—	—
php4	—	—	—	—
php5	—	—	—	—
shtool	—	—	—	—

CVE-2005-1042

Unknown priority

Fixed

Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count.

2 affected packages

php4, php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php4	—	—	—	—
php5	—	—	—	—

CVE-2005-0596

Unknown priority

Fixed

PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size.

2 affected packages

php4, php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php4	—	—	—	—
php5	—	—	—	—

CVE-2005-0525

Unknown priority

Fixed

The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid...

2 affected packages

php4, php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php4	—	—	—	—
php5	—	—	—	—

Export to JSON

Results by page:

Search CVE reports