VYPR

rpm package

opensuse/php8&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/php8&distro=openSUSE%20Tumbleweed

Vulnerabilities (150)

  • CVE-2006-1494Apr 10, 2006
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.

  • CVE-2006-0996Apr 10, 2006
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.

  • CVE-2006-1490Mar 29, 2006
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue ha

  • CVE-2006-1017Mar 7, 2006
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attack

  • CVE-2005-3353Nov 18, 2005
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image.

  • CVE-2005-3392Nov 1, 2005
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.

  • CVE-2005-3391Nov 1, 2005
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.

  • CVE-2005-3390Nov 1, 2005
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload

  • CVE-2005-3389Nov 1, 2005
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an in

  • CVE-2005-3388Nov 1, 2005
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."

Page 8 of 8