Vulnerabilities (CVE)

Vendor filter

Php Subscribe

Filter

633 total CVE
CVE Vendors Products Updated CVSS
CVE-2014-3670 1 Php 1 Php 2016-10-18 6.8
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap...
CVE-2014-3668 1 Php 1 Php 2016-10-18 5.0
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service...
CVE-2002-2175 1 Php 1 Phpsquidpass 2016-10-18 4.0
phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted...
CVE-2002-0717 1 Php 1 Php 2016-10-18 7.5
PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly...
CVE-2002-0484 1 Php 1 Php 2016-10-18 5.0
move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.
CVE-2002-0253 1 Php 1 Php 2016-10-18 5.0
PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base...
CVE-2002-0229 1 Php 1 Php 2016-10-18 7.5
Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.
CVE-2002-0081 1 Php 1 Php 2016-10-18 7.5
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
CVE-2001-1385 2 Mandrakesoft, Php 2 Mandrake Linux, Php 2016-10-18 5.0
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
CVE-2013-7327 2 Php, Canonical 2 Ubuntu Linux, Php 2016-09-21 6.8
The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop...
CVE-2010-3710 1 Php 1 Php 2016-08-23 4.3
Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application...
CVE-2010-3709 1 Php 1 Php 2016-08-23 4.3
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.
CVE-2010-2531 1 Php 1 Php 2016-08-23 4.3
The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing...
CVE-2010-2484 1 Php 1 Php 2016-08-23 5.0
The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler.
CVE-2010-2101 1 Php 1 Php 2016-08-23 5.0
The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by...
CVE-2010-2100 1 Php 1 Php 2016-08-23 5.0
The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory...
CVE-2010-2097 1 Php 1 Php 2016-08-23 5.0
The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace...
CVE-2010-1864 1 Php 1 Php 2016-08-23 5.0
The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time...
CVE-2010-1862 1 Php 1 Php 2016-08-23 5.0
The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time...
CVE-2010-1860 1 Php 1 Php 2016-08-23 5.0
The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal...