Filtered by vendor Php
Subscribe
Total
764 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1001 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values. | |||||
| CVE-2005-3392 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
| Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives. | |||||
| CVE-1999-0058 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in PHP cgi program, php.cgi allows shell access. | |||||
| CVE-2003-0860 | 1 Php | 1 Php | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors. | |||||
| CVE-2005-3388 | 1 Php | 1 Php | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment." | |||||
| CVE-2002-2175 | 1 Php | 1 Phpsquidpass | 2025-04-03 | 4.0 MEDIUM | N/A |
| phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username. | |||||
| CVE-2005-3391 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd. | |||||
| CVE-2006-1014 | 1 Php | 1 Php | 2025-04-03 | 3.2 LOW | N/A |
| Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE. | |||||
| CVE-2001-1246 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
| PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2001-1247 | 1 Php | 1 Php | 2025-04-03 | 6.4 MEDIUM | N/A |
| PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files. | |||||
| CVE-2003-0166 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
| Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions. | |||||
| CVE-2004-0594 | 6 Avaya, Debian, Hp and 3 more | 6 Converged Communications Server, Debian Linux, Hp-ux and 3 more | 2025-04-03 | 5.1 MEDIUM | N/A |
| The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. | |||||
| CVE-2005-1043 | 6 Apple, Conectiva, Peachtree and 3 more | 7 Mac Os X, Mac Os X Server, Linux and 4 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. | |||||
| CVE-2006-1990 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
| Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. | |||||
| CVE-2005-3389 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
| The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected. | |||||
| CVE-2003-0861 | 1 Php | 1 Php | 2025-04-03 | 10.0 HIGH | N/A |
| Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors. | |||||
| CVE-2000-0860 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
| The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables. | |||||
| CVE-2003-0097 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect). | |||||
| CVE-2006-3011 | 1 Php | 1 Php | 2025-04-03 | 4.6 MEDIUM | N/A |
| The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode. | |||||
| CVE-2006-0996 | 1 Php | 1 Php | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. | |||||