Filter
AND
PHPPHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to e…
10
First published (updated )
PHPThe file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files b…
First published (updated )
PHPThe Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for …
First published (updated )
PHPPHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions …
First published (updated )
PHPphp.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows …
7.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHPThe imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to c…
First published (updated )
PHPArgument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to by…
7.5
First published (updated )
PHPThe mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, w…
First published (updated )
PHPmove_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could…
First published (updated )
PHPPHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers…
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHPSafe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL dat…
7.5
First published (updated )
PHPInteger signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause …
7.5
First published (updated )
PHPPHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbi…
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHPThe memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditi…
5.1
First published (updated )
PHPPHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile func…
2.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHPPHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server ht…
3.6
First published (updated )
PHPPHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PH…
7.5
First published (updated )
PHPscanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execu…
4.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHPzend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_ha…
9.3
First published (updated )
PHPThe copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read a…
2.1
First published (updated )
PHPDirectory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open…
2.6
First published (updated )
PHPThe disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by usi…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.