CVE-2004-0542
https://notcve.org/view.php?id=CVE-2004-0542
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function. • http://www.idefense.com/application/poi/display?id=108 http://www.php.net/release_4_3_7.php https://exchange.xforce.ibmcloud.com/vulnerabilities/16331
CVE-2003-1302
https://notcve.org/view.php?id=CVE-2003-1302
The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters. • http://bugs.php.net/bug.php?id=22048 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040 https://access.redhat.com/security/cve/CVE-2003-1302 https://bugzilla.redhat.com/show_bug.cgi?id=1617126
CVE-2003-1303
https://notcve.org/view.php?id=CVE-2003-1303
Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header. • http://bugs.php.net/bug.php?id=24150 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10346 https://access.redhat.com/security/cve/CVE-2003-1303 https://bugzilla.redhat.com/show_bug.cgi?id=1617127
CVE-2003-0860
https://notcve.org/view.php?id=CVE-2003-0860
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors. • http://www.php.net/ChangeLog-4.php#4.3.3 http://www.php.net/release_4_3_3.php
CVE-2003-0861
https://notcve.org/view.php?id=CVE-2003-0861
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors. • http://www.php.net/ChangeLog-4.php#4.3.3 http://www.php.net/release_4_3_3.php