Vulnerabilities > PHP > PHP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-31 | CVE-2003-1302 | Denial-Of-Service vulnerability in PHP The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters. | 5.0 |
| 2003-07-24 | CVE-2003-0442 | Cross-Site Scripting vulnerability in PHP Transparent Session ID Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter. | 4.3 |
| 2002-12-31 | CVE-2002-2215 | Denial-Of-Service vulnerability in PHP The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function. | 5.0 |
| 2002-12-31 | CVE-2002-2214 | Denial-Of-Service vulnerability in PHP 4.2/4.2.0/4.2.1 The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header. | 5.0 |
| 2002-12-31 | CVE-2002-1954 | Cross-Site Scripting vulnerability in PHP 4.2.3 Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php. network php | 4.3 |
| 2002-12-31 | CVE-2002-1783 | Unspecified vulnerability in PHP CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions. | 5.0 |
| 2002-09-24 | CVE-2002-0986 | Unspecified vulnerability in PHP The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy." | 5.0 |
| 2002-08-12 | CVE-2002-0484 | Unspecified vulnerability in PHP move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. | 5.0 |
| 2002-05-29 | CVE-2002-0253 | Information Disclosure vulnerability in PHP Include File Relative Directory PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path. | 5.0 |
| 2001-12-06 | CVE-2001-1247 | Permissions, Privileges, and Access Controls vulnerability in PHP 4.0.4Pl1/4.0.5 PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files. | 6.4 |