Vulnerabilities > PHP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-2215 | Denial-Of-Service vulnerability in PHP The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function. | 5.0 |
| 2002-12-31 | CVE-2002-2214 | Denial-Of-Service vulnerability in PHP 4.2/4.2.0/4.2.1 The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header. | 5.0 |
| 2002-12-31 | CVE-2002-2175 | Unspecified vulnerability in PHP PHPsquidpass phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username. | 4.0 |
| 2002-12-31 | CVE-2002-1954 | Cross-Site Scripting vulnerability in PHP 4.2.3 Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php. network php | 4.3 |
| 2002-12-31 | CVE-2002-1783 | Unspecified vulnerability in PHP CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions. | 5.0 |
| 2002-09-24 | CVE-2002-0986 | Unspecified vulnerability in PHP The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy." | 5.0 |
| 2002-08-12 | CVE-2002-0484 | Unspecified vulnerability in PHP move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. | 5.0 |
| 2002-05-29 | CVE-2002-0253 | Information Disclosure vulnerability in PHP Include File Relative Directory PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path. | 5.0 |
| 2001-12-06 | CVE-2001-1247 | Permissions, Privileges, and Access Controls vulnerability in PHP 4.0.4Pl1/4.0.5 PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files. | 6.4 |
| 2001-03-12 | CVE-2001-0108 | PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. | 5.0 |