Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2000-0967

Published: 19/12/2000 Updated: 03/05/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Php

Vulnerability Summary

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote malicious users to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Vulnerable Product Search on Vulmon Subscribe to Product

php php 3.0

php php 4.0

Exploits

Exploit DB: PHP 3.0.16/4.0.2 - Remote Format Overflow
/* * PHP 3016/402 remote format overflow exploit * Copyright (c) 2000 * Field Marshal Count August Anton Wilhelm Neithardt von Gneisenau * gneisenau@berlincom * my regards to sheib and darkx * All rights reserved * Pascal Boucheraine's paper was enlightening * THERE IS NO IMPLIED OR EXPRESS WARRANTY FOR THIS CODE * YOU ARE RESPON ...
Exploit DB: PHP 3.0/4.0 - Error Logging Format String
source: wwwsecurityfocuscom/bid/1786/info PHP is a scripting language designed for CGI applications that is used on many websites There exists a remotely exploitable format string vulnerability in all versions of PHP below PHP 403 The vulnerability exists in the code that handles error logging and is present if error logging is enab ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/bid/1786http://www.atstake.com/research/advisories/2000/a101200-1.txthttp://www.linux-mandrake.com/en/security/MDKSA-2000-062.php3?dis=7.1http://www.calderasystems.com/support/security/advisories/CSSA-2000-037.0.txtftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:75.php.aschttp://www.redhat.com/support/errata/RHSA-2000-088.htmlhttp://www.redhat.com/support/errata/RHSA-2000-095.htmlhttp://archives.neohapsis.com/archives/bugtraq/2000-10/0204.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/5359https://nvd.nist.govhttps://www.exploit-db.com/exploits/220/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644unprivilegedCVE-2024-3494CVE-2024-22460CVE-2024-26026CVE-2024-23473firewallCVE-2024-28889XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook