Vulnerabilities (CVE)

Vendor filter

Php Subscribe

Filter

633 total CVE
CVE Vendors Products Updated CVSS
CVE-1999-0058 1 Php 1 Php 2008-09-09 7.5
Buffer overflow in PHP cgi program, php.cgi allows shell access.
CVE-2007-1454 1 Php 1 Php 2008-09-05 4.3
ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character...
CVE-2007-1453 1 Php 1 Php 2008-09-05 7.5
Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which...
CVE-2007-1452 1 Php 1 Php 2008-09-05 5.0
The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.
CVE-2007-1381 1 Php 1 Php 2008-09-05 7.6
The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent...
CVE-2006-7204 1 Php 1 Php 2008-09-05 2.1
The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.
CVE-2005-0596 1 Php 1 Php 2008-09-05 2.1
PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size.
CVE-2003-0249 1 Php 1 Php 2008-09-05 7.5
** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a...
CVE-2002-2309 1 Php 1 Php 2008-09-05 7.8
php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
CVE-2002-2215 1 Php 1 Php 2008-09-05 5.0
The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function.
CVE-2002-2214 1 Php 1 Php 2008-09-05 5.0
The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header.
CVE-2002-1954 1 Php 1 Php 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.
CVE-2007-1383 1 Php 1 Php 2008-09-05 10.0
Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.