rpm package
opensuse/php8&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/php8&distro=openSUSE%20Tumbleweed
Vulnerabilities (150)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2006-1494 | — | < 8.0.11-1.1 | 8.0.11-1.1 | Apr 10, 2006 | Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function. | ||
| CVE-2006-0996 | — | < 8.0.11-1.1 | 8.0.11-1.1 | Apr 10, 2006 | Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. | ||
| CVE-2006-1490 | — | < 8.0.11-1.1 | 8.0.11-1.1 | Mar 29, 2006 | PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue ha | ||
| CVE-2006-1017 | — | < 8.0.11-1.1 | 8.0.11-1.1 | Mar 7, 2006 | The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attack | ||
| CVE-2005-3353 | — | < 8.0.11-1.1 | 8.0.11-1.1 | Nov 18, 2005 | The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image. | ||
| CVE-2005-3392 | — | < 8.0.11-1.1 | 8.0.11-1.1 | Nov 1, 2005 | Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives. | ||
| CVE-2005-3391 | — | < 8.0.11-1.1 | 8.0.11-1.1 | Nov 1, 2005 | Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd. | ||
| CVE-2005-3390 | — | < 8.0.11-1.1 | 8.0.11-1.1 | Nov 1, 2005 | The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload | ||
| CVE-2005-3389 | — | < 8.0.11-1.1 | 8.0.11-1.1 | Nov 1, 2005 | The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an in | ||
| CVE-2005-3388 | — | < 8.0.11-1.1 | 8.0.11-1.1 | Nov 1, 2005 | Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment." |
- CVE-2006-1494Apr 10, 2006affected < 8.0.11-1.1fixed 8.0.11-1.1
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.
- CVE-2006-0996Apr 10, 2006affected < 8.0.11-1.1fixed 8.0.11-1.1
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.
- CVE-2006-1490Mar 29, 2006affected < 8.0.11-1.1fixed 8.0.11-1.1
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue ha
- CVE-2006-1017Mar 7, 2006affected < 8.0.11-1.1fixed 8.0.11-1.1
The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attack
- CVE-2005-3353Nov 18, 2005affected < 8.0.11-1.1fixed 8.0.11-1.1
The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image.
- CVE-2005-3392Nov 1, 2005affected < 8.0.11-1.1fixed 8.0.11-1.1
Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
- CVE-2005-3391Nov 1, 2005affected < 8.0.11-1.1fixed 8.0.11-1.1
Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.
- CVE-2005-3390Nov 1, 2005affected < 8.0.11-1.1fixed 8.0.11-1.1
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload
- CVE-2005-3389Nov 1, 2005affected < 8.0.11-1.1fixed 8.0.11-1.1
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an in
- CVE-2005-3388Nov 1, 2005affected < 8.0.11-1.1fixed 8.0.11-1.1
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."
Page 8 of 8