Filtered by vendor Php
Subscribe
Total
732 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1392 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
| PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function. | |||||
| CVE-2002-2214 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
| The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header. | |||||
| CVE-2001-1385 | 2 Mandrakesoft, Php | 2 Mandrake Linux, Php | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts. | |||||
| CVE-2002-1396 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2002-2309 | 1 Php | 1 Php | 2024-02-04 | 7.8 HIGH | N/A |
| php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments. | |||||
| CVE-1999-0346 | 1 Php | 1 Php Fi | 2024-02-04 | 5.0 MEDIUM | N/A |
| CGI PHP mlog script allows an attacker to read any file on the target server. | |||||
| CVE-2004-0959 | 1 Php | 1 Php | 2024-02-04 | 2.1 LOW | N/A |
| rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified. | |||||
| CVE-2003-1302 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
| The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters. | |||||
| CVE-2001-0108 | 2 Mandrakesoft, Php | 2 Mandrake Linux, Php | 2024-02-04 | 5.0 MEDIUM | N/A |
| PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. | |||||
| CVE-2002-0717 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | N/A |
| PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed. | |||||
| CVE-2002-1954 | 1 Php | 1 Php | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php. | |||||
| CVE-1999-0238 | 1 Php | 1 Php | 2024-02-04 | 10.0 HIGH | N/A |
| php.cgi allows attackers to read any file on the system. | |||||
| CVE-2003-0863 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | N/A |
| The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications. | |||||
| CVE-2003-0097 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | N/A |
| Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect). | |||||
| CVE-2002-2215 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
| The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function. | |||||
| CVE-2002-0229 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | N/A |
| Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements. | |||||
| CVE-2001-1247 | 1 Php | 1 Php | 2024-02-04 | 6.4 MEDIUM | N/A |
| PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files. | |||||
| CVE-2003-0442 | 2 Php, Redhat | 2 Php, Linux | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter. | |||||
| CVE-2002-0121 | 1 Php | 1 Php | 2024-02-04 | 2.1 LOW | N/A |
| PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections. | |||||
| CVE-2003-0860 | 1 Php | 1 Php | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors. | |||||