Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 45.16%
  • Veröffentlicht 27.07.2004 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:05:56

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explore...

  • EPSS 1.2%
  • Veröffentlicht 31.12.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:01:50

PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE...

Exploit
  • EPSS 1.33%
  • Veröffentlicht 31.12.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:03:53

The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters.

Exploit
  • EPSS 11.9%
  • Veröffentlicht 31.12.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:03:53

Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in ...

  • EPSS 1.54%
  • Veröffentlicht 17.11.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:03:06

Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors.

  • EPSS 1.42%
  • Veröffentlicht 17.11.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:03:06

Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.

  • EPSS 6.7%
  • Veröffentlicht 17.11.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:03:06

The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote at...

Exploit
  • EPSS 6.98%
  • Veröffentlicht 24.07.2003 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:02:12

Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.

Exploit
  • EPSS 14.12%
  • Veröffentlicht 02.04.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:01:40

Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_r...

Exploit
  • EPSS 19%
  • Veröffentlicht 02.04.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:01:41

Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument.