CVE-2004-0595 – PHP 4.x/5.0 - 'Strip_Tags()' Function Bypass
https://notcve.org/view.php?id=CVE-2004-0595
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. La función strip_tags en PHP 4.x hasta 4.3.7, y 5.x hasta 5.0.0RC3, no filtra caractéres null() dentro de nombreres de etiquetas cuanto se restringe la entrada a etiquetas permitidas, lo que permite que etiquetas peligrosas sean procesadas por navegadores como Internet Explorer y Safari, que ignoran caractéres nulos y facilita la explotación de vulnerabilidades de secuencias de comandos en sitios cruzados (XSS). • https://www.exploit-db.com/exploits/24280 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847 http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html http://marc.info/?l=bugtraq&m=108981780109154&w=2 http://marc.info/?l=bugtraq&m=108982983426031&w=2 http://marc.info/?l=bugtraq&m=109051444105182&w=2 http://marc.info/? •
CVE-2004-0542
https://notcve.org/view.php?id=CVE-2004-0542
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function. PHP anteriores a 4.3.7 en plataformas Win32 no filtra adecuadamente todos los metacaractéres de shell, lo que permite a atacantes locales o remotos ejecutar código de su elección, sobreescribir ficheros, y acceder a variables de entorno internas mediante (1) caractéres "%", "|", or ">" en la función escapeshelcmd, o (2) el carácter "%" en la función escapeshellarg • http://www.idefense.com/application/poi/display?id=108 http://www.php.net/release_4_3_7.php https://exchange.xforce.ibmcloud.com/vulnerabilities/16331 •
CVE-2003-1302
https://notcve.org/view.php?id=CVE-2003-1302
The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters. • http://bugs.php.net/bug.php?id=22048 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040 https://access.redhat.com/security/cve/CVE-2003-1302 https://bugzilla.redhat.com/show_bug.cgi?id=1617126 •
CVE-2003-0249
https://notcve.org/view.php?id=CVE-2003-0249
PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report. • http://www.idefense.com/intelligence/vulnerabilities/display.php?id=97 •
CVE-2003-1303
https://notcve.org/view.php?id=CVE-2003-1303
Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header. • http://bugs.php.net/bug.php?id=24150 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10346 https://access.redhat.com/security/cve/CVE-2003-1303 https://bugzilla.redhat.com/show_bug.cgi?id=1617127 •