Total
733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0097 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function.
|
|||||
| CVE-2006-4625 | 1 Php | 1 Php | 2025-04-03 | 3.6 LOW | N/A |
|
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
|
|||||
| CVE-2002-0985 | 2 Openpkg, Php | 2 Openpkg, Php | 2025-04-03 | 7.5 HIGH | N/A |
|
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
|
|||||
| CVE-2003-0097 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect).
|
|||||
| CVE-2006-1015 | 1 Php | 1 Php | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.
|
|||||
| CVE-2002-0081 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
|
|||||
| CVE-2002-0717 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed.
|
|||||
| CVE-2006-2660 | 1 Php | 1 Php | 2025-04-03 | 2.1 LOW | N/A |
|
Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename.
|
|||||
| CVE-2000-0860 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
|
|||||
| CVE-2006-4484 | 1 Php | 1 Php | 2025-04-03 | 2.6 LOW | N/A |
|
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
|
|||||
| CVE-2004-0595 | 4 Avaya, Php, Redhat and 1 more | 8 Converged Communications Server, Integrated Management, S8300 and 5 more | 2025-04-03 | 6.8 MEDIUM | N/A |
|
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
|
|||||
| CVE-2006-4433 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file. NOTE: it could be argued that this not a vulnerability in PHP itself, rather a design limitation that enables certain attacks against session handlers that do not account for this limitation.
|
|||||
| CVE-2000-0967 | 1 Php | 1 Php | 2025-04-03 | 10.0 HIGH | N/A |
|
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
|
|||||
| CVE-2005-1042 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count.
|
|||||
| CVE-2002-0986 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
|
|||||
| CVE-2002-0121 | 1 Php | 1 Php | 2025-04-03 | 2.1 LOW | N/A |
|
PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.
|
|||||
| CVE-1999-0068 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
CGI PHP mylog script allows an attacker to read any file on the target server.
|
|||||
| CVE-2005-3319 | 1 Php | 1 Php | 2025-04-03 | 2.1 LOW | N/A |
|
The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
|
|||||
| CVE-2006-0996 | 1 Php | 1 Php | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.
|
|||||
| CVE-2006-1014 | 1 Php | 1 Php | 2025-04-03 | 3.2 LOW | N/A |
|
Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.
|
|||||
| CVE-2004-1064 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2025-04-03 | 10.0 HIGH | N/A |
|
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
|
|||||
| CVE-2000-0059 | 1 Php | 1 Php | 2025-04-03 | 10.0 HIGH | N/A |
|
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
|
|||||
| CVE-2005-0596 | 1 Php | 1 Php | 2025-04-03 | 2.1 LOW | N/A |
|
PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size.
|
|||||
| CVE-2006-1990 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.
|
|||||
| CVE-2002-1396 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.
|
|||||
| CVE-2004-0959 | 1 Php | 1 Php | 2025-04-03 | 2.1 LOW | N/A |
|
rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.
|
|||||
| CVE-2005-3391 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.
|
|||||
| CVE-2003-0863 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.
|
|||||
| CVE-2004-1063 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2025-04-03 | 10.0 HIGH | N/A |
|
PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
|
|||||
| CVE-2004-0594 | 6 Avaya, Debian, Hp and 3 more | 6 Converged Communications Server, Debian Linux, Hp-ux and 3 more | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
|
|||||
| CVE-2002-2215 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function.
|
|||||
| CVE-2003-0860 | 1 Php | 1 Php | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors.
|
|||||
| CVE-2006-1017 | 1 Php | 1 Php | 2025-04-03 | 9.3 HIGH | N/A |
|
The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions.
|
|||||
| CVE-2003-0172 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument.
|
|||||
| CVE-2002-2309 | 1 Php | 1 Php | 2025-04-03 | 7.8 HIGH | N/A |
|
php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
|
|||||
| CVE-2006-4020 | 1 Php | 1 Php | 2025-04-03 | 4.6 MEDIUM | N/A |
|
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.
|
|||||
| CVE-2004-1019 | 4 Openpkg, Php, Trustix and 1 more | 4 Openpkg, Php, Secure Linux and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
|
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.
|
|||||
| CVE-2005-3388 | 1 Php | 1 Php | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."
|
|||||
| CVE-2006-4486 | 1 Php | 1 Php | 2025-04-03 | 2.6 LOW | N/A |
|
Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction.
|
|||||
| CVE-2006-4482 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2025-04-03 | 9.3 HIGH | N/A |
|
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.
|
|||||