CVE-2003-0442 – PHP 4.x - Transparent Session ID Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0442
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la capacidad de soporte transparente de SID en PHP anteriores a 4.3.2 (session.use_trans_sid) permite a atacantes remotos insertar script arbitrario mediante el parámetro PHPSESSID • https://www.exploit-db.com/exploits/22696 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691 http://marc.info/?l=bugtraq&m=105449314612963&w=2 http://marc.info/?l=bugtraq&m=105760591228031&w=2 http://shh.thathost.com/secadv/2003-05-11-php.txt http://www.ciac.org/ciac/bulletins/n-112.shtml http://www.debian.org/security/2003/dsa-351 http://www.mandriva.com/security/advisories?name=MDKSA-2003:082 http://www.osvdb.org/4758 http://www.redhat •
CVE-2002-2215
https://notcve.org/view.php?id=CVE-2002-2215
The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function. • http://bugs.php.net/bug.php?id=19280 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040 https://access.redhat.com/security/cve/CVE-2002-2215 https://bugzilla.redhat.com/show_bug.cgi?id=1616932 •
CVE-2002-2309 – PHP Interpreter 3.0.x/4.0.x/4.1/4.2 - Direct Invocation Denial of Service
https://notcve.org/view.php?id=CVE-2002-2309
php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments. • https://www.exploit-db.com/exploits/21632 http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000605.html http://online.securityfocus.com/archive/1/283586 http://www.iss.net/security_center/static/9646.php http://www.securityfocus.com/bid/5280 • CWE-399: Resource Management Errors •
CVE-2002-0484 – PHP 3.0.x/4.x - Move_Uploaded_File open_basedir Circumvention
https://notcve.org/view.php?id=CVE-2002-0484
move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. • https://www.exploit-db.com/exploits/21347 http://bugs.php.net/bug.php?id=16128 http://marc.info/?l=bugtraq&m=101683938806677&w=2 http://online.securityfocus.com/archive/1/262999 http://online.securityfocus.com/archive/1/263259 http://www.iss.net/security_center/static/8591.php http://www.securityfocus.com/bid/4325 •
CVE-2002-0229 – PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention
https://notcve.org/view.php?id=CVE-2002-0229
Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements. La característica de Modo Seguro (safe_mode) de PHP 3.0 a 4.1.0 permite a atacantes con acceso a la base de datos MySQL evadir las restricciones del Modo Seguro y leer ficheros arbitrarios usando sentencias SQL "LOAD DATA INFILE LOCAL". • https://www.exploit-db.com/exploits/21264 https://www.exploit-db.com/exploits/21266 https://www.exploit-db.com/exploits/21265 http://marc.info/?l=bugtraq&m=101286577109716&w=2 http://marc.info/?l=bugtraq&m=101304702002321&w=2 http://marc.info/?l=ntbugtraq&m=101285016125377&w=2 http://marc.info/?l=ntbugtraq&m=101303065423534&w=2 http://marc.info/? •