Filtered by vendor Php
Subscriptions
Total
781 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-0238 | 1 Php | 1 Php | 2026-04-16 | N/A |
| php.cgi allows attackers to read any file on the system. | ||||
| CVE-2006-4482 | 4 Canonical, Debian, Php and 1 more | 5 Ubuntu Linux, Debian Linux, Php and 2 more | 2026-04-16 | N/A |
| Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990. | ||||
| CVE-2002-2214 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2026-04-16 | N/A |
| The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header. | ||||
| CVE-2006-4481 | 1 Php | 1 Php | 2026-04-16 | N/A |
| The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017. | ||||
| CVE-2002-0985 | 3 Openpkg, Php, Redhat | 6 Openpkg, Php, Enterprise Linux and 3 more | 2026-04-16 | N/A |
| Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. | ||||
| CVE-2006-1990 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Stronghold | 2026-04-16 | N/A |
| Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. | ||||
| CVE-2004-0542 | 1 Php | 1 Php | 2026-04-16 | N/A |
| PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function. | ||||
| CVE-2003-0166 | 1 Php | 1 Php | 2026-04-16 | N/A |
| Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions. | ||||
| CVE-2005-1043 | 7 Apple, Conectiva, Peachtree and 4 more | 8 Mac Os X, Mac Os X Server, Linux and 5 more | 2026-04-16 | N/A |
| exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. | ||||
| CVE-2006-4020 | 2 Php, Redhat | 4 Php, Enterprise Linux, Rhel Application Stack and 1 more | 2026-04-16 | N/A |
| scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read. | ||||
| CVE-2001-1246 | 2 Php, Redhat | 3 Php, Enterprise Linux, Linux | 2026-04-16 | N/A |
| PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. | ||||
| CVE-2002-1783 | 1 Php | 1 Php | 2026-04-16 | N/A |
| CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions. | ||||
| CVE-2000-0967 | 1 Php | 1 Php | 2026-04-16 | N/A |
| PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs. | ||||
| CVE-2003-0861 | 1 Php | 1 Php | 2026-04-16 | N/A |
| Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors. | ||||
| CVE-2006-1494 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Stronghold | 2026-04-16 | N/A |
| Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function. | ||||
| CVE-2004-0958 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2026-04-16 | N/A |
| php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length. | ||||
| CVE-2006-2660 | 1 Php | 1 Php | 2026-04-16 | N/A |
| Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename. | ||||
| CVE-2006-1608 | 1 Php | 1 Php | 2026-04-16 | N/A |
| The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI. | ||||
| CVE-2005-3883 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2026-04-16 | N/A |
| CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument. | ||||
| CVE-2005-3392 | 1 Php | 1 Php | 2026-04-16 | N/A |
| Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives. | ||||