CVE-2006-1017
- EPSS 3.03%
- Veröffentlicht 07.03.2006 00:02:00
- Zuletzt bearbeitet 16.06.2026 22:21:51
The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open...
CVE-2006-0200
- EPSS 19.36%
- Veröffentlicht 13.01.2006 23:03:00
- Zuletzt bearbeitet 16.06.2026 22:20:05
Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.
- EPSS 4.35%
- Veröffentlicht 13.01.2006 23:03:00
- Zuletzt bearbeitet 16.06.2026 22:20:06
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.
CVE-2006-0208
- EPSS 3.77%
- Veröffentlicht 13.01.2006 23:03:00
- Zuletzt bearbeitet 16.06.2026 22:20:06
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are i...
CVE-2006-0097
- EPSS 8.57%
- Veröffentlicht 06.01.2006 11:03:00
- Zuletzt bearbeitet 16.06.2026 22:19:53
Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long...
- EPSS 3.05%
- Veröffentlicht 29.11.2005 11:03:00
- Zuletzt bearbeitet 16.06.2026 22:17:48
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
- EPSS 7.68%
- Veröffentlicht 18.11.2005 23:03:00
- Zuletzt bearbeitet 16.06.2026 22:16:47
The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image.
CVE-2005-3388
- EPSS 48.9%
- Veröffentlicht 01.11.2005 12:47:00
- Zuletzt bearbeitet 16.06.2026 22:16:51
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."
- EPSS 6.3%
- Veröffentlicht 01.11.2005 12:47:00
- Zuletzt bearbeitet 16.06.2026 22:16:52
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting,...
CVE-2005-3390
- EPSS 65.51%
- Veröffentlicht 01.11.2005 12:47:00
- Zuletzt bearbeitet 16.06.2026 22:16:52
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST reque...