Filtered by vendor Php
Subscriptions
Total
737 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0717 | 1 Php | 1 Php | 2016-10-18 | N/A |
| PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed. | ||||
| CVE-2002-0484 | 1 Php | 1 Php | 2016-10-18 | N/A |
| move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. | ||||
| CVE-2002-0253 | 1 Php | 1 Php | 2016-10-18 | N/A |
| PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path. | ||||
| CVE-2002-0229 | 1 Php | 1 Php | 2016-10-18 | N/A |
| Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements. | ||||
| CVE-2002-0081 | 1 Php | 1 Php | 2016-10-18 | N/A |
| Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled. | ||||
| CVE-2001-1385 | 2 Mandrakesoft, Php | 2 Mandrake Linux, Php | 2016-10-18 | N/A |
| The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts. | ||||
| CVE-2010-3710 | 1 Php | 1 Php | 2016-08-23 | N/A |
| Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. | ||||
| CVE-2010-2484 | 1 Php | 1 Php | 2016-08-23 | N/A |
| The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. | ||||
| CVE-2010-2101 | 1 Php | 1 Php | 2016-08-23 | N/A |
| The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | ||||
| CVE-2010-2100 | 1 Php | 1 Php | 2016-08-23 | N/A |
| The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | ||||
| CVE-2010-2097 | 1 Php | 1 Php | 2016-08-23 | N/A |
| The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | ||||
| CVE-2010-1864 | 1 Php | 1 Php | 2016-08-23 | N/A |
| The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | ||||
| CVE-2010-1862 | 1 Php | 1 Php | 2016-08-23 | N/A |
| The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | ||||
| CVE-2010-1860 | 1 Php | 1 Php | 2016-08-23 | N/A |
| The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature. | ||||
| CVE-2016-3171 | 3 Debian, Drupal, Php | 3 Debian Linux, Drupal, Php | 2016-05-09 | N/A |
| Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation. | ||||
| CVE-2016-3167 | 3 Debian, Drupal, Php | 3 Debian Linux, Drupal, Php | 2016-04-19 | N/A |
| Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter. | ||||
| CVE-2015-8616 | 1 Php | 1 Php | 2016-01-22 | N/A |
| Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer and a destroyed array. | ||||
| CVE-2015-7774 | 2 Pc-egg, Php | 2 Pwebmanager, Php | 2015-11-16 | N/A |
| PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role. | ||||
| CVE-2014-2020 | 1 Php | 1 Php | 2014-03-08 | N/A |
| ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226. | ||||
| CVE-2012-1171 | 1 Php | 1 Php | 2014-02-18 | N/A |
| The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper. | ||||