Filtered by vendor Php Subscriptions
Filtered by product Php Subscriptions
Total 713 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2003-0442 2 Php, Redhat 2 Php, Linux 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
CVE-2003-0249 1 Php 1 Php 2024-11-21 N/A
PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report.
CVE-2003-0172 1 Php 1 Php 2024-11-21 N/A
Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument.
CVE-2003-0166 1 Php 1 Php 2024-11-21 N/A
Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.
CVE-2003-0097 1 Php 1 Php 2024-11-21 N/A
Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect).
CVE-2002-2309 1 Php 1 Php 2024-11-21 N/A
php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
CVE-2002-2215 2 Php, Redhat 2 Php, Enterprise Linux 2024-11-21 N/A
The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function.
CVE-2002-2214 2 Php, Redhat 2 Php, Enterprise Linux 2024-11-21 N/A
The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header.
CVE-2002-1954 1 Php 1 Php 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.
CVE-2002-1783 1 Php 1 Php 2024-11-21 N/A
CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions.
CVE-2002-1396 2 Php, Redhat 2 Php, Linux 2024-11-21 N/A
Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.
CVE-2002-0986 2 Php, Redhat 5 Php, Enterprise Linux, Linux and 2 more 2024-11-21 N/A
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
CVE-2002-0985 3 Openpkg, Php, Redhat 6 Openpkg, Php, Enterprise Linux and 3 more 2024-11-21 N/A
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
CVE-2002-0717 1 Php 1 Php 2024-11-21 N/A
PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed.
CVE-2002-0484 1 Php 1 Php 2024-11-21 N/A
move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.
CVE-2002-0253 1 Php 1 Php 2024-11-21 N/A
PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.
CVE-2002-0229 1 Php 1 Php 2024-11-21 N/A
Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.
CVE-2002-0121 1 Php 1 Php 2024-11-21 N/A
PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.
CVE-2002-0081 2 Php, Redhat 3 Php, Linux, Stronghold 2024-11-21 N/A
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
CVE-2001-1385 3 Mandrakesoft, Php, Redhat 3 Mandrake Linux, Php, Linux 2024-11-21 N/A
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.