Search Results (Refine Search)
- CPE Product Version: cpe:/a:php:php:4.4.1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2006-0097 |
Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function. Published: January 06, 2006; 6:03:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-3883 |
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument. Published: November 29, 2005; 6:03:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-0958 |
php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length. Published: November 03, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-0959 |
rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified. Published: November 03, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |