CVE-2005-3391
Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.
Date published : 2005-11-01
http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html