Filtered by vendor Php
Subscriptions
Filtered by product Php
Subscriptions
Total
714 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1392 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-04-03 | N/A |
| PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function. | ||||
| CVE-2003-0860 | 1 Php | 1 Php | 2025-04-03 | N/A |
| Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors. | ||||
| CVE-2004-0959 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-04-03 | N/A |
| rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified. | ||||
| CVE-2002-2215 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-04-03 | N/A |
| The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function. | ||||
| CVE-2003-0097 | 1 Php | 1 Php | 2025-04-03 | N/A |
| Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect). | ||||
| CVE-2003-0442 | 2 Php, Redhat | 2 Php, Linux | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter. | ||||
| CVE-2004-0958 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-04-03 | N/A |
| php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length. | ||||
| CVE-2002-2214 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-04-03 | N/A |
| The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header. | ||||
| CVE-2002-0121 | 1 Php | 1 Php | 2025-04-03 | N/A |
| PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections. | ||||
| CVE-2002-0229 | 1 Php | 1 Php | 2025-04-03 | N/A |
| Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements. | ||||
| CVE-2002-0484 | 1 Php | 1 Php | 2025-04-03 | N/A |
| move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. | ||||
| CVE-1999-0058 | 1 Php | 1 Php | 2025-04-03 | N/A |
| Buffer overflow in PHP cgi program, php.cgi allows shell access. | ||||
| CVE-2002-1396 | 2 Php, Redhat | 2 Php, Linux | 2025-04-03 | N/A |
| Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code. | ||||
| CVE-2001-0108 | 3 Mandrakesoft, Php, Redhat | 3 Mandrake Linux, Php, Linux | 2025-04-03 | N/A |
| PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. | ||||
| CVE-2001-1246 | 2 Php, Redhat | 3 Php, Enterprise Linux, Linux | 2025-04-03 | N/A |
| PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. | ||||
| CVE-1999-0068 | 1 Php | 1 Php | 2025-04-03 | N/A |
| CGI PHP mylog script allows an attacker to read any file on the target server. | ||||
| CVE-2002-1783 | 1 Php | 1 Php | 2025-04-03 | N/A |
| CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions. | ||||
| CVE-2001-1247 | 2 Php, Redhat | 2 Php, Linux | 2025-04-03 | N/A |
| PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files. | ||||
| CVE-2003-0861 | 1 Php | 1 Php | 2025-04-03 | N/A |
| Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors. | ||||
| CVE-2005-3319 | 1 Php | 1 Php | 2025-04-03 | N/A |
| The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost. | ||||