Filtered by vendor Php
Total: 737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0863 | 1 Php | 1 Php | 2024-02-28 | 7.5 HIGH | N/A |
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications. | |||||
CVE-2001-1385 | 2 Mandrakesoft, Php | 2 Mandrake Linux, Php | 2024-02-28 | 5.0 MEDIUM | N/A |
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts. | |||||
CVE-2004-0594 | 6 Avaya, Debian, Hp and 3 more | 6 Converged Communications Server, Debian Linux, Hp-ux and 3 more | 2024-02-28 | 5.1 MEDIUM | N/A |
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. | |||||
CVE-2003-1302 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters. | |||||
CVE-2002-1396 | 1 Php | 1 Php | 2024-02-28 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code. | |||||
CVE-2002-0121 | 1 Php | 1 Php | 2024-02-28 | 2.1 LOW | N/A |
PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections. | |||||
CVE-2003-0172 | 1 Php | 1 Php | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument. | |||||
CVE-2004-0958 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length. | |||||
CVE-2004-0542 | 1 Php | 1 Php | 2024-02-28 | 10.0 HIGH | N/A |
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function. | |||||
CVE-2004-1392 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function. | |||||
CVE-2002-2214 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header. | |||||
CVE-2002-2175 | 1 Php | 1 Phpsquidpass | 2024-02-28 | 4.0 MEDIUM | N/A |
phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username. | |||||
CVE-2000-0860 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables. | |||||
CVE-1999-0058 | 1 Php | 1 Php | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in PHP cgi program, php.cgi allows shell access. | |||||
CVE-2003-0860 | 1 Php | 1 Php | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors. | |||||
CVE-1999-0346 | 1 Php | 1 Php Fi | 2024-02-28 | 5.0 MEDIUM | N/A |
CGI PHP mlog script allows an attacker to read any file on the target server. | |||||
CVE-2001-1246 | 1 Php | 1 Php | 2024-02-28 | 7.5 HIGH | N/A |
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. |