CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 3CVE-2004-1392 – PHP 4.x/5 - cURL 'open_basedir' Restriction Bypass
https://notcve.org/view.php?id=CVE-2004-1392
PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function. • https://www.exploit-db.com/exploits/24711 http://marc.info/?l=bugtraq&m=109898213806099&w=2 http://marc.info/?l=bugtraq&m=110625060220934&w=2 http://securitytracker.com/id?1011984 http://www.redhat.com/support/errata/RHSA-2005-405.html http://www.redhat.com/support/errata/RHSA-2005-406.html http://www.securityfocus.com/bid/11557 https://bugzilla.fedora.us/show_bug.cgi?id=2344 https://exchange.xforce.ibmcloud.com/vulnerabilities/17900 https://oval.cisecurity.org/repos •
CVSS: 10.0EPSS: 13%CPEs: 65EXPL: 0CVE-2004-1065
https://notcve.org/view.php?id=CVE-2004-1065
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file. Desbordamiento de búfer en la función exif_read_data de PHP anteriores a 4.3.10 y PHP 5.x hasta 5.0.2 permite a atacantes remotos ejecutar código arbitrario mediante un nombre de sección largo en un fichero de imagen. • http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html http://www.mandriva.com/security/advisories?name=MDKSA-2004:151 http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html http://www.php.net/release_4_3_10.php http://www.redhat.com/support/errata/RHSA-2004-687.html http://www.redhat.com/support/errata/RHSA-2005-032.html http://www.securityfocus.com/advisories/9028 https://bugzilla.fedora.us/show_bug.cgi?id=2344 https://exchange.xforce.ibm •
CVSS: 10.0EPSS: 5%CPEs: 65EXPL: 0CVE-2004-1019
https://notcve.org/view.php?id=CVE-2004-1019
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results. El código de deserialización en PHP anteriores a 4.3.10 y PHP 5.x hasta 5.0.2 permite a atacantes remotos causar una denegación de servicio y ejecutar código de su elección mediante datos "no de confianza" a la función unserialize que pueden producir resultados de "revelación de información, liberación de memoria doble y referencia a índice de arrray negativo" • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html http://marc.info/?l=bugtraq&m=110314318531298&w=2 http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html http://www.hardened-php.net/advisories/012004.txt http://www.mandriva.com/security/advisories?name=MDKSA-2004:151 http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html http://www.oracle.com/technetwork/topics/secur • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2004-1018 – PHP 3/4/5 - Multiple Local/Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1018
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. ** RECHAZADA ** NO USE ESTE NÚMERO DE CANDIDATA. • https://www.exploit-db.com/exploits/24854 https://www.exploit-db.com/exploits/24855 http://marc.info/?l=bugtraq&m=110314318531298&w=2 http://www.hardened-php.net/advisories/012004.txt http://www.mandriva.com/security/advisories?name=MDKSA-2004:151 http://www.mandriva.com/security/advisories?name=MDKSA-2005:072 http://www.osvdb.org/12411 http://www.php.net/release_4_3_10.php http://www.redhat.com/support/errata/RHSA-2005-032.html http://www.redhat.com/support& •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2004-1064
https://notcve.org/view.php?id=CVE-2004-1064
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. ** RECHAZADA ** No usar este número de candidata. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915 http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml http://www.hardened-php.net/advisories/012004.txt http://www.mandriva.com/security/advisories?name=MDKSA-2004:151 http://www.mandriva.com/security/advisories?name=MDKSA-2005:072 http://www.php.net/release_4_3_10.php http://www.securityfocus.com/advisories/9028 http://www.securityfocus.com/archive/1/384545 http://www.securityfocus.com/bid/11964 https: •