Filtered by vendor Php
Subscribe
Total
733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3883 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument. | |||||
| CVE-2006-1558 | 1 Php | 1 Php Script Index | 2023-12-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2006-4484 | 1 Php | 1 Php | 2023-12-10 | 2.6 LOW | N/A |
| Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array. | |||||
| CVE-2006-0144 | 2 Apache2triad, Php | 2 Apache2triad, Pear | 2023-12-10 | 7.5 HIGH | N/A |
| The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function. | |||||
| CVE-2004-1018 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2023-12-10 | 10.0 HIGH | N/A |
| Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. | |||||
| CVE-2005-3388 | 1 Php | 1 Php | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment." | |||||
| CVE-2006-1494 | 1 Php | 1 Php | 2023-12-10 | 2.6 LOW | N/A |
| Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function. | |||||
| CVE-2006-4023 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | N/A |
| The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner. | |||||
| CVE-2006-1015 | 1 Php | 1 Php | 2023-12-10 | 6.4 MEDIUM | N/A |
| Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE. | |||||
| CVE-2006-2563 | 1 Php | 1 Php | 2023-12-10 | 2.1 LOW | N/A |
| The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters. | |||||
| CVE-2006-1559 | 1 Php | 1 Php Script Index | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PHP Script Index allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-3389 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | N/A |
| The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected. | |||||
| CVE-2006-1014 | 1 Php | 1 Php | 2023-12-10 | 3.2 LOW | N/A |
| Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE. | |||||
| CVE-2005-3391 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd. | |||||
| CVE-2004-1019 | 4 Openpkg, Php, Trustix and 1 more | 4 Openpkg, Php, Secure Linux and 1 more | 2023-12-10 | 10.0 HIGH | N/A |
| The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results. | |||||
| CVE-2005-0596 | 1 Php | 1 Php | 2023-12-10 | 2.1 LOW | N/A |
| PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size. | |||||
| CVE-2006-1549 | 1 Php | 1 Php | 2023-12-10 | 2.1 LOW | N/A |
| PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected. | |||||
| CVE-2006-2660 | 1 Php | 1 Php | 2023-12-10 | 2.1 LOW | N/A |
| Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename. | |||||
| CVE-2005-3392 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | N/A |
| Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives. | |||||
| CVE-2005-1043 | 6 Apple, Conectiva, Peachtree and 3 more | 7 Mac Os X, Mac Os X Server, Linux and 4 more | 2023-12-10 | 5.0 MEDIUM | N/A |
| exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. | |||||