Total
733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3392 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
|
|||||
| CVE-2002-0253 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.
|
|||||
| CVE-2004-1018 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the ...
Show More |
|||||
| CVE-2002-1954 | 1 Php | 1 Php | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.
|
|||||
| CVE-1999-0238 | 1 Php | 1 Php | 2025-04-03 | 10.0 HIGH | N/A |
|
php.cgi allows attackers to read any file on the system.
|
|||||
| CVE-2006-1991 | 1 Php | 1 Php | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.
|
|||||
| CVE-2006-4483 | 1 Php | 1 Php | 2025-04-03 | 9.3 HIGH | N/A |
|
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.
|
|||||
| CVE-2005-3390 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.
|
|||||
| CVE-2005-3883 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
|
|||||
| CVE-2001-1247 | 1 Php | 1 Php | 2025-04-03 | 6.4 MEDIUM | N/A |
|
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.
|
|||||
| CVE-2006-0208 | 1 Php | 1 Php | 2025-04-03 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.
|
|||||
| CVE-2003-0442 | 2 Php, Redhat | 2 Php, Linux | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
|
|||||
| CVE-2004-1392 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.
|
|||||
| CVE-2003-0166 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.
|
|||||
| CVE-2006-4485 | 1 Php | 1 Php | 2025-04-03 | 10.0 HIGH | N/A |
|
The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read.
|
|||||
| CVE-2001-1246 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
|
|||||
| CVE-2006-4481 | 1 Php | 1 Php | 2025-04-03 | 7.2 HIGH | N/A |
|
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017.
|
|||||
| CVE-2006-0207 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.
|
|||||
| CVE-2002-2214 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header.
|
|||||
| CVE-2004-1020 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further d ...
Show More |
|||||
| CVE-2004-1065 | 4 Openpkg, Php, Trustix and 1 more | 4 Openpkg, Php, Secure Linux and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.
|
|||||
| CVE-2002-1783 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions.
|
|||||
| CVE-2005-0524 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value.
|
|||||
| CVE-2006-1549 | 1 Php | 1 Php | 2025-04-03 | 2.1 LOW | N/A |
|
PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected.
|
|||||
| CVE-2005-3389 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.
|
|||||
| CVE-2002-0484 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.
|
|||||
| CVE-2005-3054 | 1 Php | 1 Php | 2025-04-03 | 2.1 LOW | N/A |
|
fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.
|
|||||
| CVE-1999-0058 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in PHP cgi program, php.cgi allows shell access.
|
|||||
| CVE-2006-3017 | 1 Php | 1 Php | 2025-04-03 | 9.3 HIGH | N/A |
|
zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.
|
|||||
| CVE-2006-1494 | 1 Php | 1 Php | 2025-04-03 | 2.6 LOW | N/A |
|
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.
|
|||||
| CVE-2005-1043 | 6 Apple, Conectiva, Peachtree and 3 more | 7 Mac Os X, Mac Os X Server, Linux and 4 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.
|
|||||
| CVE-2006-2563 | 1 Php | 1 Php | 2025-04-03 | 2.1 LOW | N/A |
|
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.
|
|||||
| CVE-2003-0861 | 1 Php | 1 Php | 2025-04-03 | 10.0 HIGH | N/A |
|
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.
|
|||||
| CVE-2006-3011 | 1 Php | 1 Php | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
|
|||||
| CVE-2004-0958 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.
|
|||||
| CVE-2024-2408 | 2 Fedoraproject, Php | 2 Fedora, Php | 2025-03-21 | N/A | 5.9 MEDIUM |
|
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since t ...
Show More |
|||||
| CVE-2023-3824 | 3 Debian, Fedoraproject, Php | 3 Debian Linux, Fedora, Php | 2025-02-13 | N/A | 9.4 CRITICAL |
|
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
|
|||||
| CVE-2023-3823 | 3 Debian, Fedoraproject, Php | 3 Debian Linux, Fedora, Php | 2025-02-13 | N/A | 8.6 HIGH |
|
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal pu ...
Show More |
|||||
| CVE-2023-0662 | 1 Php | 1 Php | 2025-02-13 | N/A | 7.5 HIGH |
|
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.
|
|||||
| CVE-2023-0568 | 1 Php | 1 Php | 2025-02-13 | N/A | 7.5 HIGH |
|
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.
|
|||||