Page 96 of 535 results (0.013 seconds)

CVSS: 5.0EPSS: 0%CPEs: 36EXPL: 0

CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument. • ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc http://bugs.php.net/bug.php?id=35307 http://rhn.redhat.com/errata/RHSA-2006-0276.html http://secunia.com/advisories/17763 http://secunia.com/advisories/18054 http://secunia.com/advisories/18198 http://secunia.com/advisories/19832 http://secunia.com/advisories/20210 http://secunia.com/advisories/20951 http://securitytracker.com/id?1015296 http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm& •

CVSS: 5.0EPSS: 5%CPEs: 27EXPL: 1

The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image. • http://bugs.php.net/bug.php?id=34704 http://docs.info.apple.com/article.html?artnum=303382 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html http://rhn.redhat.com/errata/RHSA-2005-831.html http://secunia.com/advisories/17371 http://secunia.com/advisories/17490 http://secunia.com/advisories/17531 http://secunia.com/advisories/17557 http://secunia.com/advisories/18054 http://secunia.com& •

CVSS: 7.5EPSS: 1%CPEs: 54EXPL: 0

Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives. • http://docs.info.apple.com/article.html?artnum=303382 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html http://secunia.com/advisories/17371 http://secunia.com/advisories/17510 http://secunia.com/advisories/18054 http://secunia.com/advisories/18198 http://secunia.com/advisories/19064 http://secunia.com/advisories/22691 http://securityreason.com/securityalert/525 http://www.gentoo.org/security/en •

CVSS: 7.5EPSS: 1%CPEs: 54EXPL: 0

Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd. • http://docs.info.apple.com/article.html?artnum=303382 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html http://secunia.com/advisories/17371 http://secunia.com/advisories/17510 http://secunia.com/advisories/18054 http://secunia.com/advisories/18198 http://secunia.com/advisories/18763 http://secunia.com/advisories/19064 http://secunia.com/advisories/22691 http://securityreason.com/securityalert/525 h •

CVSS: 7.5EPSS: 93%CPEs: 63EXPL: 1

The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field. • https://www.exploit-db.com/exploits/26443 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/17371 http://secunia.com/advisories/17490 http://secunia.com/advisories/17510 http://secunia.com/advisories/17531 http://secunia.com/advisories/17557 http://secunia.com/advisories/17559 http://secunia.com/advisories/18054 http://secunia.com/advisories/18198 http://secunia.com/advisories/18669 •