Vulnerabilities (CVE)

Filtered by vendor Php
Filtered by product Php
Total 718 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2001-0108 2 Mandrakesoft, Php 2 Mandrake Linux, Php 2025-04-03 5.0 MEDIUM N/A
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
CVE-2006-1990 1 Php 1 Php 2025-04-03 5.0 MEDIUM N/A
Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.
CVE-2006-1490 1 Php 1 Php 2025-04-03 5.0 MEDIUM N/A
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
CVE-2002-0717 1 Php 1 Php 2025-04-03 7.5 HIGH N/A
PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed.
CVE-2005-3392 1 Php 1 Php 2025-04-03 7.5 HIGH N/A
Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
CVE-2002-1954 1 Php 1 Php 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.
CVE-1999-0238 1 Php 1 Php 2025-04-03 10.0 HIGH N/A
php.cgi allows attackers to read any file on the system.
CVE-2006-1549 1 Php 1 Php 2025-04-03 2.1 LOW N/A
PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected.
CVE-2003-0863 1 Php 1 Php 2025-04-03 7.5 HIGH N/A
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.
CVE-2005-1042 1 Php 1 Php 2025-04-03 7.5 HIGH N/A
Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count.
CVE-2003-0097 1 Php 1 Php 2025-04-03 7.5 HIGH N/A
Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect).
CVE-2005-3391 1 Php 1 Php 2025-04-03 7.5 HIGH N/A
Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.
CVE-2006-4485 1 Php 1 Php 2025-04-03 10.0 HIGH N/A
The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read.
CVE-2002-2215 1 Php 1 Php 2025-04-03 5.0 MEDIUM N/A
The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function.
CVE-2002-0229 1 Php 1 Php 2025-04-03 7.5 HIGH N/A
Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.
CVE-2006-2563 1 Php 1 Php 2025-04-03 2.1 LOW N/A
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.
CVE-2004-1064 2 Canonical, Php 2 Ubuntu Linux, Php 2025-04-03 10.0 HIGH N/A
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
CVE-2001-1247 1 Php 1 Php 2025-04-03 6.4 MEDIUM N/A
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.
CVE-2006-4023 1 Php 1 Php 2025-04-03 5.0 MEDIUM N/A
The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner.
CVE-2003-0442 2 Php, Redhat 2 Php, Linux 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.