Shodan
Vulnerabilities
Vulnerable Software
Php:  >> Php  >> 4.2  Security Vulnerabilities
CVE-2004-0594
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
CVSS Score
5.1
EPSS Score
0.78
Published
2004-07-27
CVE-2003-1302
The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters.
CVSS Score
5.0
EPSS Score
0.007
Published
2003-12-31
CVE-2003-0860
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors.
CVSS Score
10.0
EPSS Score
0.004
Published
2003-11-17
CVE-2003-0861
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.
CVSS Score
10.0
EPSS Score
0.006
Published
2003-11-17
CVE-2003-0442
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
CVSS Score
4.3
EPSS Score
0.312
Published
2003-07-24
CVE-2002-2214
The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header.
CVSS Score
5.0
EPSS Score
0.008
Published
2002-12-31
CVE-2002-2215
The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function.
CVSS Score
5.0
EPSS Score
0.007
Published
2002-12-31
CVE-2002-0985
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
CVSS Score
7.5
EPSS Score
0.013
Published
2002-09-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved