Filtered by vendor Php
Subscribe
Total
748 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-4433 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file. NOTE: it could be argued that this not a vulnerability in PHP itself, rather a design limitation that enables certain attacks against session handlers that do not account for this limitation. | |||||
CVE-2004-0594 | 6 Avaya, Debian, Hp and 3 more | 6 Converged Communications Server, Debian Linux, Hp-ux and 3 more | 2025-04-03 | 5.1 MEDIUM | N/A |
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. | |||||
CVE-2006-1494 | 1 Php | 1 Php | 2025-04-03 | 2.6 LOW | N/A |
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function. | |||||
CVE-2003-1303 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header. | |||||
CVE-2002-0229 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements. | |||||
CVE-2002-1396 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code. | |||||
CVE-2000-0967 | 1 Php | 1 Php | 2025-04-03 | 10.0 HIGH | N/A |
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs. | |||||
CVE-2002-1954 | 1 Php | 1 Php | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php. | |||||
CVE-2006-1558 | 1 Php | 1 Php Script Index | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
CVE-2002-0121 | 1 Php | 1 Php | 2025-04-03 | 2.1 LOW | N/A |
PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections. | |||||
CVE-2001-0108 | 2 Mandrakesoft, Php | 2 Mandrake Linux, Php | 2025-04-03 | 5.0 MEDIUM | N/A |
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. | |||||
CVE-2006-1991 | 1 Php | 1 Php | 2025-04-03 | 6.4 MEDIUM | N/A |
The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument. | |||||
CVE-2004-1065 | 4 Openpkg, Php, Trustix and 1 more | 4 Openpkg, Php, Secure Linux and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file. | |||||
CVE-2002-0081 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled. | |||||
CVE-2006-4020 | 1 Php | 1 Php | 2025-04-03 | 4.6 MEDIUM | N/A |
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read. | |||||
CVE-2006-4485 | 1 Php | 1 Php | 2025-04-03 | 10.0 HIGH | N/A |
The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read. | |||||
CVE-2005-3353 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image. | |||||
CVE-2005-3883 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument. | |||||
CVE-2003-0860 | 1 Php | 1 Php | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors. | |||||
CVE-2003-0863 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications. |