CVE-2026-20711

Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords...

Mandrake Linux Security Advisory : php (MDKSA-2007:090)

A heap-based buffer overflow vulnerability was found in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution CVE-2007-1001. A DoS flaw was found in how PHP processed a deeply nested array. A remote attacker coul...

CVE-2002-0986

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...

PHP Mail Function Header Spoofing

The remote host is running a version of PHP prior or equal to 4.2.2. The mail function does not properly sanitize user input. This allows users to forge email to make it look like it is coming from a different source other than the server. Users can exploit this even if SAFEMODE is enabled...

security flaw

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...