Total
697 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1303 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header. | |||||
CVE-2002-1783 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions. | |||||
CVE-2002-0253 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path. | |||||
CVE-2000-0860 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables. | |||||
CVE-2003-0861 | 1 Php | 1 Php | 2024-02-04 | 10.0 HIGH | N/A |
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors. | |||||
CVE-1999-0058 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in PHP cgi program, php.cgi allows shell access. | |||||
CVE-1999-0068 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | N/A |
CGI PHP mylog script allows an attacker to read any file on the target server. | |||||
CVE-2004-1392 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function. | |||||
CVE-2002-2214 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header. | |||||
CVE-2001-1385 | 2 Mandrakesoft, Php | 2 Mandrake Linux, Php | 2024-02-04 | 5.0 MEDIUM | N/A |
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts. | |||||
CVE-2002-1396 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code. | |||||
CVE-2002-2309 | 1 Php | 1 Php | 2024-02-04 | 7.8 HIGH | N/A |
php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments. | |||||
CVE-2004-0959 | 1 Php | 1 Php | 2024-02-04 | 2.1 LOW | N/A |
rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified. | |||||
CVE-2003-1302 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters. | |||||
CVE-2001-0108 | 2 Mandrakesoft, Php | 2 Mandrake Linux, Php | 2024-02-04 | 5.0 MEDIUM | N/A |
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. | |||||
CVE-2002-0717 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | N/A |
PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed. | |||||
CVE-2002-1954 | 1 Php | 1 Php | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php. | |||||
CVE-1999-0238 | 1 Php | 1 Php | 2024-02-04 | 10.0 HIGH | N/A |
php.cgi allows attackers to read any file on the system. | |||||
CVE-2003-0863 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | N/A |
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications. | |||||
CVE-2003-0097 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect). |