PHP

All CVEs

763 total · sorted by risk
  • CVE-2002-1396 · Jan 17, 2003
    risk 0.00 · cvss · epss 0.04

    Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.

  • CVE-2002-2175 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.06

    phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username.

  • CVE-2002-2215 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function.

  • CVE-2002-2214 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header.

  • CVE-2002-0985 · Sep 24, 2002
    risk 0.00 · cvss · epss 0.03

    Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.

  • CVE-2002-0986 · Sep 24, 2002
    risk 0.00 · cvss · epss 0.03

    The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."

  • CVE-2002-0253 · May 29, 2002
    risk 0.00 · cvss · epss 0.05

    PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive…

  • CVE-2002-0121 · Mar 25, 2002
    risk 0.00 · cvss · epss 0.01

    PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.

  • CVE-2001-0108 · Mar 12, 2001
    risk 0.00 · cvss · epss 0.02

    PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.

  • CVE-2001-1385 · Jan 12, 2001
    risk 0.00 · cvss · epss 0.02

    The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

  • CVE-2000-0860 · Nov 14, 2000
    risk 0.00 · cvss · epss 0.03

    The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.

  • CVE-1999-0346 · Oct 16, 1997
    risk 0.00 · cvss · epss 0.01

    CGI PHP mlog script allows an attacker to read any file on the target server.

  • CVE-1999-0058 · Apr 17, 1997
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in PHP cgi program, php.cgi allows shell access.
