VYPR

PHP

by PHP

CVEs (730)

  • CVE-2002-2214 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header.

  • CVE-2002-2215 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function.

  • CVE-2002-0986 · Sep 24, 2002
    risk 0.00 · cvss · epss 0.03

    The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."

  • CVE-2002-0985 · Sep 24, 2002
    risk 0.00 · cvss · epss 0.03

    Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.

  • CVE-2002-0253 · May 29, 2002
    risk 0.00 · cvss · epss 0.05

    PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive…

  • CVE-2002-0121 · Mar 25, 2002
    risk 0.00 · cvss · epss 0.01

    PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.

  • CVE-2001-0108 · Mar 12, 2001
    risk 0.00 · cvss · epss 0.02

    PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.

  • CVE-2001-1385 · Jan 12, 2001
    risk 0.00 · cvss · epss 0.02

    The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

  • CVE-2000-0860 · Nov 14, 2000
    risk 0.00 · cvss · epss 0.03

    The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.

  • CVE-1999-0058 · Apr 17, 1997
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in PHP cgi program, php.cgi allows shell access.
