Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): php
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2005-0525 |
The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-0544 |
phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-0565 |
The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-0567 |
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-0572 |
index.php in phpWebSite 0.10.0 and earlier allows remote attackers to obtain sensitive information via an invalid SEA_search_module parameter, which reveals the path in a PHP error message. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-0596 |
PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2005-0606 |
Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2005-0607 |
CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-0614 |
sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-0645 |
Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to show_news.php. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2005-0647 |
admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-0653 |
phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2005-0655 |
auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-0659 |
phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-0669 |
Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the siteinfo module, (4) the topic_id parameter in the articles module, (5) the ord_id in the orders module, (6) the dom_id parameter in the domains module, or (7) the invd_id parameter in the invoices module. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-0670 |
Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2005-0673 |
Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2005-0678 |
PHP remote file inclusion vulnerability in formmail.inc.php for Form Mail Script 2.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the script_root to reference a URL on a remote web server that contains the code. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-0679 |
PHP remote file inclusion vulnerability in tell_a_friend.inc.php for Tell A Friend Script 2.7 before 20050305 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code. NOTE: it was later reported that 2.4 is also affected. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-0721 |
PHP remote file inclusion vulnerability in modules.php in eXPerience2 allows remote attackers to execute arbitrary PHP code by modifying the file parameter to reference a URL on a remote web server that contains the code. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |