Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 4.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2000-0967
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote malicious users to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
Php Php 3.0
Php Php 4.0
2 EDB exploits
NA
CVE-2007-5424
The disable_functions feature in PHP 4 and 5 allows malicious users to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.
Php Php 4.0
Php Php 5.0.0
NA
CVE-2002-0253
PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote malicious users to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the in...
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.0.1
Php Php 4.0
Php Php 4.1.0
Php Php 4.1.2
Php Php 4.0.5
Php Php 4.0.6
NA
CVE-2004-1392
PHP 4.0 with cURL functions allows remote malicious users to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.
Php Php 4.0
Php Php 4.0.1
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.0.2
Php Php 4.0.3
Php Php 4.0.7
Php Php 4.0.4
1 EDB exploit
NA
CVE-2001-0108
PHP Apache module 4.0.4 and previous versions allows remote malicious users to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
Php Php 4.0
Php Php 4.0.1
Php Php 4.0.3
Php Php 4.0.4
Mandrakesoft Mandrake Linux 7.2
NA
CVE-2001-1385
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
Php Php 4.0
Php Php 4.0.1
Php Php 4.0.3
Php Php 4.0.4
Mandrakesoft Mandrake Linux 7.2
NA
CVE-2007-1383
Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent malicious users to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.
Php Php 4.0
1 EDB exploit
NA
CVE-2005-0596
PHP 4 (PHP4) allows malicious users to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size.
Php Php 4.0
NA
CVE-2002-0986
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote malicious users to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
Php Php 4.0.3
Php Php 4.2.0
Php Php 4.2.1
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.1.1
Php Php 4.1.2
Php Php 3.0.18
Php Php 4.0
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.2.2
Php Php 4.0.7
Php Php 4.1.0
NA
CVE-2005-0345
viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote malicious users to view protected forums via the thread_id parameter.
Php Fusion Php Fusion 4.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »