VYPR

PHP

by PHP

Source repositories

CVEs (731)

  • CVE-2010-4156Nov 10, 2010
    risk 0.04cvss epss 0.13

    The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).

  • CVE-2010-3709Nov 9, 2010
    risk 0.04cvss epss 0.13

    The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.

  • CVE-2010-2094May 27, 2010
    risk 0.04cvss epss 0.13

    Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1)…

  • CVE-2010-1130Mar 26, 2010
    risk 0.04cvss epss 0.09

    session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument…

  • CVE-2010-1128Mar 26, 2010
    risk 0.04cvss epss 0.08

    The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid…

  • CVE-2010-0397Mar 16, 2010
    risk 0.04cvss epss 0.12

    The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and…

  • CVE-2009-4142Dec 21, 2009
    risk 0.04cvss epss 0.07

    The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte…

  • CVE-2009-2626Dec 1, 2009
    risk 0.04cvss epss 0.08

    The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the…

  • CVE-2009-4018Nov 29, 2009
    risk 0.04cvss epss 0.11

    The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary…

  • CVE-2009-4017Nov 24, 2009
    risk 0.04cvss epss 0.12

    PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to…

  • CVE-2008-5498Dec 26, 2008
    risk 0.04cvss epss 0.09

    Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.

  • CVE-2008-5625Dec 17, 2008
    risk 0.04cvss epss 0.07

    PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.

  • CVE-2008-2666Jun 20, 2008
    risk 0.04cvss epss 0.14

    Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok…

  • CVE-2007-3997Sep 4, 2007
    risk 0.04cvss epss 0.14

    The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.

  • CVE-2007-4596Aug 30, 2007
    risk 0.04cvss epss 0.08

    The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.

  • CVE-2007-4586Aug 29, 2007
    risk 0.04cvss epss 0.09

    Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate…

  • CVE-2007-4255Aug 8, 2007
    risk 0.04cvss epss 0.09

    Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.

  • CVE-2007-4033Jul 27, 2007
    risk 0.04cvss epss 0.19

    Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll…

  • CVE-2007-3806Jul 17, 2007
    risk 0.04cvss epss 0.11

    The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to…

  • CVE-2007-3799Jul 16, 2007
    risk 0.04cvss epss 0.08

    The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the…

Page 17 of 37