CVE-2003-1302
https://notcve.org/view.php?id=CVE-2003-1302
The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters. • http://bugs.php.net/bug.php?id=22048 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040 https://access.redhat.com/security/cve/CVE-2003-1302 https://bugzilla.redhat.com/show_bug.cgi?id=1617126 •
CVE-2003-1303
https://notcve.org/view.php?id=CVE-2003-1303
Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header. • http://bugs.php.net/bug.php?id=24150 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10346 https://access.redhat.com/security/cve/CVE-2003-1303 https://bugzilla.redhat.com/show_bug.cgi?id=1617127 •
CVE-2003-0860
https://notcve.org/view.php?id=CVE-2003-0860
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors. Desbordamiento de búfer en PHP anteriores a 4.3.3 tienen impacto desconocido y vectores de ataque desconocidos. • http://www.php.net/ChangeLog-4.php#4.3.3 http://www.php.net/release_4_3_3.php •
CVE-2003-0861
https://notcve.org/view.php?id=CVE-2003-0861
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors. Desbordamientos de enteros en base64_encode y la librería GD de PHP anteriores a 4.3.3 tienen impactos y vectores de ataque desconocidos. • http://www.php.net/ChangeLog-4.php#4.3.3 http://www.php.net/release_4_3_3.php •
CVE-2003-0863 – PHP 4.3.x - Undefined Safe_Mode_Include_Dir Safemode Bypass
https://notcve.org/view.php?id=CVE-2003-0863
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications. La función php_check_safe_module_include_dir en fopen_wrappers.c de PHP 4.3.x devuelve una valor de éxito (0) cuando la variable safe_mode_include_dir no está especificada en la configuración, lo que difiere del valor de fallo anterior y puede permitir a atacantes remotos explotar vulnerabilidades de inclusión de ficheros en aplicaciones PHP. • https://www.exploit-db.com/exploits/22911 http://marc.info/?l=bugtraq&m=105839111204227 •