CVE-2001-0108
https://notcve.org/view.php?id=CVE-2001-0108
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373 http://marc.info/?l=bugtraq&m=97957961212852 http://www.debian.org/security/2001/dsa-020 http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3 http://www.redhat.com/support/errata/RHSA-2000-136.html http://www.securityfocus.com/bid/2206 https://exchange.xforce.ibmcloud.com/vulnerabilities/5940 •
CVE-2001-1385
https://notcve.org/view.php?id=CVE-2001-1385
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373 http://marc.info/?l=bugtraq&m=97957961212852 http://www.debian.org/security/2001/dsa-020 http://www.iss.net/security_center/static/5939.php http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3 http://www.redhat.com/support/errata/RHSA-2000-136.html http://www.securityfocus.com/bid/2205 •
CVE-2000-0967 – PHP 3.0.16/4.0.2 - Remote Format Overflow
https://notcve.org/view.php?id=CVE-2000-0967
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs. • https://www.exploit-db.com/exploits/220 https://www.exploit-db.com/exploits/20286 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:75.php.asc http://archives.neohapsis.com/archives/bugtraq/2000-10/0204.html http://www.atstake.com/research/advisories/2000/a101200-1.txt http://www.calderasystems.com/support/security/advisories/CSSA-2000-037.0.txt http://www.linux-mandrake.com/en/security/MDKSA-2000-062.php3?dis=7.1 http://www.redhat.com/support/errata/RHSA •
CVE-2000-0860
https://notcve.org/view.php?id=CVE-2000-0860
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables. • http://archives.neohapsis.com/archives/bugtraq/2000-08/0455.html http://archives.neohapsis.com/archives/bugtraq/2000-08/0477.html http://archives.neohapsis.com/archives/bugtraq/2000-09/0150.html http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u http://www.securityfocus.com/bid/1649 https://exchange.xforce.ibmcloud.com/vulnerabilities/5190 •
CVE-2000-0059 – PHP 3.0.13 - 'Safe_mode' Failure
https://notcve.org/view.php?id=CVE-2000-0059
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands. • https://www.exploit-db.com/exploits/19708 http://www.securityfocus.com/bid/911 •