Total
726 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0108 | 2 Mandrakesoft, Php | 2 Mandrake Linux, Php | 2025-04-03 | 5.0 MEDIUM | N/A |
| PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. | |||||
| CVE-2002-2309 | 1 Php | 1 Php | 2025-04-03 | 7.8 HIGH | N/A |
| php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments. | |||||
| CVE-2004-1064 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2025-04-03 | 10.0 HIGH | N/A |
| The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. | |||||
| CVE-2002-0121 | 1 Php | 1 Php | 2025-04-03 | 2.1 LOW | N/A |
| PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections. | |||||
| CVE-2002-1783 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions. | |||||
| CVE-2003-0172 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument. | |||||
| CVE-1999-0068 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
| CGI PHP mylog script allows an attacker to read any file on the target server. | |||||
| CVE-2005-3389 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
| The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected. | |||||
| CVE-2002-0985 | 2 Openpkg, Php | 2 Openpkg, Php | 2025-04-03 | 7.5 HIGH | N/A |
| Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. | |||||
| CVE-2006-1991 | 1 Php | 1 Php | 2025-04-03 | 6.4 MEDIUM | N/A |
| The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument. | |||||
| CVE-2006-4625 | 1 Php | 1 Php | 2025-04-03 | 3.6 LOW | N/A |
| PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults. | |||||
| CVE-2005-3353 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
| The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image. | |||||
| CVE-2004-1392 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
| PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function. | |||||
| CVE-2004-0959 | 1 Php | 1 Php | 2025-04-03 | 2.1 LOW | N/A |
| rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified. | |||||
| CVE-2006-4481 | 1 Php | 1 Php | 2025-04-03 | 7.2 HIGH | N/A |
| The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017. | |||||
| CVE-2002-2214 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
| The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header. | |||||
| CVE-1999-0238 | 1 Php | 1 Php | 2025-04-03 | 10.0 HIGH | N/A |
| php.cgi allows attackers to read any file on the system. | |||||
| CVE-2005-3388 | 1 Php | 1 Php | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment." | |||||
| CVE-2006-0200 | 1 Php | 1 Php | 2025-04-03 | 9.3 HIGH | N/A |
| Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages. | |||||
| CVE-2005-0525 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
| The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek. | |||||