Page 80 of 409 results (0.005 seconds)

CVSS: 10.0EPSS: 92%CPEs: 1EXPL: 0

PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function. PHP anteriores a 4.3.7 en plataformas Win32 no filtra adecuadamente todos los metacaractéres de shell, lo que permite a atacantes locales o remotos ejecutar código de su elección, sobreescribir ficheros, y acceder a variables de entorno internas mediante (1) caractéres "%", "|", or ">" en la función escapeshelcmd, o (2) el carácter "%" en la función escapeshellarg • http://www.idefense.com/application/poi/display?id=108 http://www.php.net/release_4_3_7.php https://exchange.xforce.ibmcloud.com/vulnerabilities/16331 •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 1

The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters. • http://bugs.php.net/bug.php?id=22048 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040 https://access.redhat.com/security/cve/CVE-2003-1302 https://bugzilla.redhat.com/show_bug.cgi?id=1617126 •

CVSS: 10.0EPSS: 0%CPEs: 25EXPL: 0

Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors. Desbordamiento de búfer en PHP anteriores a 4.3.3 tienen impacto desconocido y vectores de ataque desconocidos. • http://www.php.net/ChangeLog-4.php#4.3.3 http://www.php.net/release_4_3_3.php •

CVSS: 10.0EPSS: 0%CPEs: 25EXPL: 0

Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors. Desbordamientos de enteros en base64_encode y la librería GD de PHP anteriores a 4.3.3 tienen impactos y vectores de ataque desconocidos. • http://www.php.net/ChangeLog-4.php#4.3.3 http://www.php.net/release_4_3_3.php •

CVSS: 4.3EPSS: 2%CPEs: 3EXPL: 2

Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la capacidad de soporte transparente de SID en PHP anteriores a 4.3.2 (session.use_trans_sid) permite a atacantes remotos insertar script arbitrario mediante el parámetro PHPSESSID • https://www.exploit-db.com/exploits/22696 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691 http://marc.info/?l=bugtraq&m=105449314612963&w=2 http://marc.info/?l=bugtraq&m=105760591228031&w=2 http://shh.thathost.com/secadv/2003-05-11-php.txt http://www.ciac.org/ciac/bulletins/n-112.shtml http://www.debian.org/security/2003/dsa-351 http://www.mandriva.com/security/advisories?name=MDKSA-2003:082 http://www.osvdb.org/4758 http://www.redhat •