Vendor CVEs
PHP
All CVEs
763 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1396 | | | 0.00 | — | 0.04 | | Jan 17, 2003 | Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code. |
| CVE-2002-2175 | | | 0.00 | — | 0.06 | | Dec 31, 2002 | phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username. |
| CVE-2002-2215 | | | 0.00 | — | 0.01 | | Dec 31, 2002 | The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function. |
| CVE-2002-2214 | | | 0.00 | — | 0.02 | | Dec 31, 2002 | The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header. |
| CVE-2002-0985 | | | 0.00 | — | 0.03 | | Sep 24, 2002 | Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. |
| CVE-2002-0986 | | | 0.00 | — | 0.03 | | Sep 24, 2002 | The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy." |
| CVE-2002-0253 | | | 0.00 | — | 0.05 | | May 29, 2002 | PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive… |
| CVE-2002-0121 | | | 0.00 | — | 0.01 | | Mar 25, 2002 | PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections. |
| CVE-2001-0108 | | | 0.00 | — | 0.02 | | Mar 12, 2001 | PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. |
| CVE-2001-1385 | | | 0.00 | — | 0.02 | | Jan 12, 2001 | The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts. |
| CVE-2000-0860 | | | 0.00 | — | 0.03 | | Nov 14, 2000 | The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables. |
| CVE-1999-0346 | | | 0.00 | — | 0.01 | | Oct 16, 1997 | CGI PHP mlog script allows an attacker to read any file on the target server. |
| CVE-1999-0058 | | | 0.00 | — | 0.02 | | Apr 17, 1997 | Buffer overflow in PHP cgi program, php.cgi allows shell access. |