Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 4.1.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-0081
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and previous versions, and (2) php3_mime_split in PHP 3.0.x allows remote malicious users to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
Php Php 3.0
Php Php 4.0.6
Php Php 4.1.0
Php Php 4.1.1
NA
CVE-2002-0121
PHP 4.0 up to and including 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.1.0
Php Php 4.1.2
NA
CVE-2002-0253
PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote malicious users to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the in...
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.0.1
Php Php 4.0
Php Php 4.1.0
Php Php 4.1.2
Php Php 4.0.5
Php Php 4.0.6
NA
CVE-2002-0986
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote malicious users to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
Php Php 4.0.3
Php Php 4.2.0
Php Php 4.2.1
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.1.1
Php Php 4.1.2
Php Php 3.0.18
Php Php 4.0
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.2.2
Php Php 4.0.7
Php Php 4.1.0
NA
CVE-2002-1783
CRLF injection vulnerability in PHP 4.2.1 up to and including 4.2.3, when allow_url_fopen is enabled, allows remote malicious users to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file fu...
Php Php 3.0.14
Php Php 3.0.15
Php Php 4.0.6
Php Php 4.0.7
Php Php 4.2.3
Php Php 3.0.18
Php Php 4.0.3
Php Php 4.1.2
Php Php 4.2.0
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.2.1
Php Php 4.2.2
Php Php 3.0.16
Php Php 3.0.17
Php Php 4.1.0
Php Php 4.1.1
NA
CVE-2003-0166
Integer signedness error in emalloc() function for PHP prior to 4.3.2 allow remote malicious users to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly ...
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.2.2
Php Php 4.2.3
Php Php 4.0.7
Php Php 4.1.0
Php Php 4.3.0
Php Php 4.3.1
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.2.0
Php Php 4.2.1
Php Php 4.0
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.1.1
Php Php 4.1.2
3 EDB exploits
NA
CVE-2003-0860
Buffer overflows in PHP prior to 4.3.3 have unknown impact and unknown attack vectors.
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.0.6
Php Php 4.0.7
Php Php 4.2.1
Php Php 4.2.3
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.3.0
Php Php 4.3.1
Php Php 4.3.2
Php Php 4.0
Php Php 4.1.0
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.2.0
Php Php 4.2.2
Php Php 4.2
NA
CVE-2003-0861
Integer overflows in (1) base64_encode and (2) the GD library for PHP prior to 4.3.3 have unknown impact and unknown attack vectors.
Php Php 4.0.1
Php Php 4.0.5
Php Php 4.0.7
Php Php 4.2.0
Php Php 4.2.2
Php Php 4.1.0
Php Php 4.1.1
Php Php 4.0.2
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.2
Php Php 4.3.0
Php Php 4.3.1
Php Php 4.3.2
Php Php 4.0
Php Php 4.0.6
Php Php 4.1.2
Php Php 4.2.1
Php Php 4.2.3
NA
CVE-2002-0229
Safe Mode feature (safe_mode) in PHP 3.0 up to and including 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.
Php Php 3.0.13
Php Php 3.0.16
Php Php 3.0.8
Php Php 3.0.9
Php Php 4.1.0
Php Php 4.1.2
Php Php 3.0.1
Php Php 3.0.10
Php Php 3.0.4
Php Php 3.0.5
Php Php 4.0.3
Php Php 4.0.4
Php Php 3.0.11
Php Php 3.0.12
Php Php 3.0.6
Php Php 3.0.7
Php Php 4.0.5
Php Php 4.0.6
Php Php 3.0
Php Php 3.0.2
Php Php 3.0.3
Php Php 4.0
3 EDB exploits
NA
CVE-2007-2727
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP prior to 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-depen...
Php Php 4.3.9
Php Php 4.2.0
Php Php 4.1.0
Php Php 4.3.4
Php Php 4.0.4
Php Php 4.3.0
Php Php 4.0.5
Php Php 4.3.6
Php Php 4.0.7
Php Php 4.3.11
Php Php 4.3.2
Php Php 4.2.2
Php Php 4.0.3
Php Php 4.3.7
Php Php 4.0.6
Php Php 4.1.2
Php Php 4.0.1
Php Php 4.3.3
Php Php 4.1.1
Php Php 4.3.1
Php Php 4.3.10
Php Php 4.0.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »