This repository has been archived by the owner on Jun 22, 2021. It is now read-only.
forked from psecio/versionscan
checks.json
7472 lines (7472 loc) · 391 KB
{
"checks": [
{
"threat": "5.0",
"cveid": "CVE-2000-0860",
"summary": "The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables. \nPublish Date : 2000-11-14 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.1"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2000-0967",
"summary": "PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs. \nPublish Date : 2000-12-19 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.1"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2001-0108",
"summary": "PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. \n Publish Date : 2001-03-12 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.0.5"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2001-1246",
"summary": "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. \n Publish Date : 2001-06-30 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.0.6"
]
}
},
{
"threat": "6.4",
"cveid": "CVE-2001-1247",
"summary": "PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files. \n Publish Date : 2001-12-06 Last Update Date : 2012-06-25",
"fixVersions": {
"base": [
"4.0.6"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2001-1385",
"summary": "The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts. \n Publish Date : 2001-01-12 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.0.5"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2002-0081",
"summary": "Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart\/form-data HTTP POST request when file_uploads is enabled. \n Publish Date : 2002-03-08 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.7",
"4.1.2"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2002-0121",
"summary": "PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections. \n Publish Date : 2002-03-25 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.0.7",
"4.1.3"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2002-0229",
"summary": "Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using \"LOAD DATA INFILE LOCAL\" SQL statements. \n Publish Date : 2002-05-16 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.0.7",
"4.1.3"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2002-0253",
"summary": "PHP, when not configured with the \"display_errors = Off\" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path. \n Publish Date : 2002-05-29 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.0.7",
"4.1.3"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2002-0484",
"summary": "move_uploaded_file in PHP does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. \n Publish Date : 2002-08-12 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2002-0717",
"summary": "PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart\/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed. \n Publish Date : 2002-07-26 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.2.2"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2002-0985",
"summary": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. \n Publish Date : 2002-09-24 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.3"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2002-0986",
"summary": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\" \n Publish Date : 2002-09-24 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.3"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2002-1396",
"summary": "Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code. \n Publish Date : 2003-01-17 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.1.3",
"4.2.4"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2002-1783",
"summary": "CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions. \n Publish Date : 2002-12-31 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2002-1954",
"summary": "Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php. \n Publish Date : 2002-12-31 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.2.4"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2002-2214",
"summary": "The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long \"To\" header. \n Publish Date : 2002-12-31 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.2.2"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2002-2215",
"summary": "The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of \"To\" addresses, which triggers an error in the rfc822_write_address function. \n Publish Date : 2002-12-31 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4"
]
}
},
{
"threat": "7.8",
"cveid": "CVE-2002-2309",
"summary": "php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments. \n Publish Date : 2002-12-31 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.3"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2003-0097",
"summary": "Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect). \nPublish Date : 2003-03-03 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.3.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2003-0166",
"summary": "Integer signedness error in emalloc() function for PHP before 4.3.2 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions. \n Publish Date : 2003-04-02 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.2"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2003-0172",
"summary": "Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument. \n Publish Date : 2003-04-02 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.3.2"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2003-0249",
"summary": "** DISPUTED ** PHP treats unknown methods such as \"PoSt\" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying \"It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report.\" \n Publish Date : 2003-12-31 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.4.7"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2003-0442",
"summary": "Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter. \n Publish Date : 2003-07-24 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.3.2"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2003-0860",
"summary": "Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors. \n Publish Date : 2003-11-17 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.3"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2003-0861",
"summary": "Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors. \n Publish Date : 2003-11-17 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.3"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2003-0863",
"summary": "The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications. \n Publish Date : 2003-11-17 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.3.3"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2003-1302",
"summary": "The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of \"\\\" (backslash) characters. \n Publish Date : 2003-12-31 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.2.4",
"4.3.1"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2003-1303",
"summary": "Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header. \n Publish Date : 2003-12-31 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.3.3"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2004-0542",
"summary": "PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the \"%\", \"|\", or \">\" characters to the escapeshellcmd function, or (2) the \"%\" character to the escapeshellarg function. \n Publish Date : 2004-08-06 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.4.7"
]
}
},
{
"threat": "5.1",
"cveid": "CVE-2004-0594",
"summary": "The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. \nPublish Date : 2004-07-27 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.8",
"5.0.1"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2004-0595",
"summary": "The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. \nPublish Date : 2004-07-27 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.8",
"5.0.1"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2004-0958",
"summary": "php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length. \n Publish Date : 2004-11-03 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"5.0.3"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2004-0959",
"summary": "rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the \"$_FILES\" array to be modified. \n Publish Date : 2004-11-03 Last Update Date : 2013-09-11",
"fixVersions": {
"base": [
"5.0.3"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2004-1019",
"summary": "The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger \"information disclosure, double-free and negative reference index array underflow\" results. \nPublish Date : 2005-01-10 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.10",
"5.0.3"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2004-1020",
"summary": "The addslashes function in PHP 4.3.9 does not properly escape a NULL (\/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. \n Publish Date : 2005-01-10 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.3.10",
"5.0.3"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2004-1065",
"summary": "Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file. \nPublish Date : 2005-01-10 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.10",
"5.0.3"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2004-1392",
"summary": "PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function. \n Publish Date : 2004-12-31 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2005-0524",
"summary": "The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value. \n Publish Date : 2005-05-02 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.2.3",
"4.3.11",
"5.0.4"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2005-0525",
"summary": "The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek. \n Publish Date : 2005-05-02 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.2.3",
"4.3.11",
"5.0.4"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2005-0596",
"summary": "PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size. \nPublish Date : 2005-05-02 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2005-1042",
"summary": "Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count. \n Publish Date : 2005-05-02 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.3.11"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2005-1043",
"summary": "exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. \nPublish Date : 2005-04-14 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.3.11"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2005-3054",
"summary": "fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory. \n Publish Date : 2005-09-26 Last Update Date : 2010-04-02",
"fixVersions": {
"base": [
"4.4.1"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2005-3319",
"summary": "The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost. \n Publish Date : 2005-10-27 Last Update Date : 2010-04-02",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.1",
"5.0.6"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2005-3353",
"summary": "The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image. \n Publish Date : 2005-11-18 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.7",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.1"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2005-3388",
"summary": "Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a \"stacked array assignment.\" \n Publish Date : 2005-11-01 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.1",
"5.0.6"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2005-3389",
"summary": "The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected. \n Publish Date : 2005-11-01 Last Update Date : 2013-07-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.1",
"5.0.6"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2005-3390",
"summary": "The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart\/form-data POST request with a \"GLOBALS\" fileupload field. \n Publish Date : 2005-11-01 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.1",
"5.0.6"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2005-3391",
"summary": "Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext\/curl and (2) ext\/gd. \n Publish Date : 2005-11-01 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2005-3392",
"summary": "Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives. \n Publish Date : 2005-11-01 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.1"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2005-3883",
"summary": "CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the \"To\" address argument. \n Publish Date : 2005-11-29 Last Update Date : 2013-08-18",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.2",
"5.0.6"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2006-0097",
"summary": "Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function. \n Publish Date : 2006-01-06 Last Update Date : 2011-08-01",
"fixVersions": {
"base": [
"4.3.11",
"4.4.3"
]
}
},
{
"threat": "9.3",
"cveid": "CVE-2006-0200",
"summary": "Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages. \n Publish Date : 2006-01-13 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.1.2"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2006-0207",
"summary": "Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext\/session) and the (2) header function. \n Publish Date : 2006-01-13 Last Update Date : 2011-09-09",
"fixVersions": {
"base": [
"5.0.6",
"5.1.2"
]
}
},
{
"threat": "2.6",
"cveid": "CVE-2006-0208",
"summary": "Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. \n Publish Date : 2006-01-13 Last Update Date : 2011-09-13",
"fixVersions": {
"base": [
"4.0.7",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.3",
"5.0.6",
"5.1.2"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2006-0996",
"summary": "Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. \n Publish Date : 2006-04-10 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.4.3",
"5.1.3"
]
}
},
{
"threat": "3.2",
"cveid": "CVE-2006-1014",
"summary": "Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE. \n Publish Date : 2006-03-06 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.1",
"4.2.0",
"4.3.12",
"4.4.2",
"5.0.6",
"5.1.1"
]
}
},
{
"threat": "6.4",
"cveid": "CVE-2006-1015",
"summary": "Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE. \n Publish Date : 2006-03-06 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.3",
"5.0.6",
"5.1.3"
]
}
},
{
"threat": "9.3",
"cveid": "CVE-2006-1017",
"summary": "The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions. \n Publish Date : 2006-03-06 Last Update Date : 2011-07-14",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.4",
"5.0.6",
"5.1.5"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2006-1490",
"summary": "PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a \"binary safety\" issue. NOTE: this issue has been referred to as a \"memory leak,\" but it is an information leak that discloses memory contents. \n Publish Date : 2006-03-29 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.3",
"5.0.6",
"5.1.3"
]
}
},
{
"threat": "2.6",
"cveid": "CVE-2006-1494",
"summary": "Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function. \n Publish Date : 2006-04-10 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.3",
"5.0.6",
"5.1.3"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2006-1549",
"summary": "PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected. \n Publish Date : 2006-04-10 Last Update Date : 2011-08-23",
"fixVersions": {
"base": [
"4.4.3",
"5.1.3"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2006-1608",
"summary": "The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:\/\/ URI. \n Publish Date : 2006-04-10 Last Update Date : 2010-04-02",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.3",
"5.0.6",
"5.1.3"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2006-1990",
"summary": "Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. \n Publish Date : 2006-04-24 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.4.3",
"5.1.3"
]
}
},
{
"threat": "6.4",
"cveid": "CVE-2006-1991",
"summary": "The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument. \n Publish Date : 2006-04-24 Last Update Date : 2011-06-13",
"fixVersions": {
"base": [
"5.1.3"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2006-2563",
"summary": "The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:\/\/ request containing null characters. \n Publish Date : 2006-05-29 Last Update Date : 2010-04-02",
"fixVersions": {
"base": [
"4.4.3",
"5.1.5"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2006-2660",
"summary": "Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename. \n Publish Date : 2006-06-13 Last Update Date : 2010-04-02",
"fixVersions": {
"base": [
"4.0.6",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.4",
"5.1.5"
]
}
},
{
"threat": "4.6",
"cveid": "CVE-2006-3011",
"summary": "The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a \"php:\/\/\" or other scheme in the third argument, which disables safe mode. \n Publish Date : 2006-06-26 Last Update Date : 2011-07-11",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.4",
"5.0.6",
"5.1.7"
]
}
},
{
"threat": "9.3",
"cveid": "CVE-2006-3017",
"summary": "zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. \nPublish Date : 2006-06-14 Last Update Date : 2010-09-15",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.3",
"5.0.6",
"5.1.3"
]
}
},
{
"threat": "4.6",
"cveid": "CVE-2006-4020",
"summary": "scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read. \n Publish Date : 2006-08-08 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.4",
"5.0.6",
"5.1.5"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2006-4023",
"summary": "The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner. \n Publish Date : 2006-08-08 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.3.4",
"5.0.3",
"5.1.5"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2006-4433",
"summary": "PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file. NOTE: it could be argued that this is not a vulnerability in PHP itself, rather a design limitation that enables certain attacks against session handlers that do not account for this limitation. \n Publish Date : 2006-08-28 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.3",
"5.0.6",
"5.1.3"
]
}
},
{
"threat": "7.2",
"cveid": "CVE-2006-4481",
"summary": "The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017. \n Publish Date : 2006-08-31 Last Update Date : 2010-09-15",
"fixVersions": {
"base": [
"5.1.5"
]
}
},
{
"threat": "9.3",
"cveid": "CVE-2006-4482",
"summary": "Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext\/standard\/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990. \n Publish Date : 2006-08-31 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"5.1.5"
]
}
},
{
"threat": "9.3",
"cveid": "CVE-2006-4483",
"summary": "The cURL extension files (1) ext\/curl\/interface.c and (2) ext\/curl\/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache. \n Publish Date : 2006-08-31 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.1.5"
]
}
},
{
"threat": "2.6",
"cveid": "CVE-2006-4484",
"summary": "Buffer overflow in the LWZReadByte_ function in ext\/gd\/libgd\/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array. \n Publish Date : 2006-08-31 Last Update Date : 2010-09-15",
"fixVersions": {
"base": [
"5.1.5"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2006-4485",
"summary": "The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read. \n Publish Date : 2006-08-31 Last Update Date : 2010-09-15",
"fixVersions": {
"base": [
"5.1.5"
]
}
},
{
"threat": "2.6",
"cveid": "CVE-2006-4486",
"summary": "Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction. \n Publish Date : 2006-08-31 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"5.1.6"
]
}
},
{
"threat": "3.6",
"cveid": "CVE-2006-4625",
"summary": "PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults. \n Publish Date : 2006-09-12 Last Update Date : 2010-09-15",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.5",
"5.0.6",
"5.1.7"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2006-4812",
"summary": "Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend\/zend_alloc.c). \n Publish Date : 2006-10-10 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"5.0.6",
"5.1.7"
]
}
},
{
"threat": "6.2",
"cveid": "CVE-2006-5178",
"summary": "Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink. \n Publish Date : 2006-10-10 Last Update Date : 2010-09-15",
"fixVersions": {
"base": [