Page 82 of 435 results (0.037 seconds)

CVSS: 10.0EPSS: 92%CPEs: 1EXPL: 0

PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function. PHP anteriores a 4.3.7 en plataformas Win32 no filtra adecuadamente todos los metacaractéres de shell, lo que permite a atacantes locales o remotos ejecutar código de su elección, sobreescribir ficheros, y acceder a variables de entorno internas mediante (1) caractéres "%", "|", or ">" en la función escapeshelcmd, o (2) el carácter "%" en la función escapeshellarg • http://www.idefense.com/application/poi/display?id=108 http://www.php.net/release_4_3_7.php https://exchange.xforce.ibmcloud.com/vulnerabilities/16331 •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 1

The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters. • http://bugs.php.net/bug.php?id=22048 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040 https://access.redhat.com/security/cve/CVE-2003-1302 https://bugzilla.redhat.com/show_bug.cgi?id=1617126 •

CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 1

Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header. • http://bugs.php.net/bug.php?id=24150 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10346 https://access.redhat.com/security/cve/CVE-2003-1303 https://bugzilla.redhat.com/show_bug.cgi?id=1617127 •

CVSS: 10.0EPSS: 0%CPEs: 25EXPL: 0

Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors. Desbordamiento de búfer en PHP anteriores a 4.3.3 tienen impacto desconocido y vectores de ataque desconocidos. • http://www.php.net/ChangeLog-4.php#4.3.3 http://www.php.net/release_4_3_3.php •

CVSS: 10.0EPSS: 0%CPEs: 25EXPL: 0

Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors. Desbordamientos de enteros en base64_encode y la librería GD de PHP anteriores a 4.3.3 tienen impactos y vectores de ataque desconocidos. • http://www.php.net/ChangeLog-4.php#4.3.3 http://www.php.net/release_4_3_3.php •