VYPR

PHP

by PHP

CVEs (731)

  • CVE-2007-3294 | Jun 20, 2007
    risk 0.04 | cvss | epss 0.09

    Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the…

  • CVE-2007-2872 | Jun 4, 2007
    risk 0.04 | cvss | epss 0.09

    Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.

  • CVE-2007-0448 | May 24, 2007
    risk 0.04 | cvss | epss 0.07

    The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.

  • CVE-2007-2369 | Apr 30, 2007
    risk 0.04 | cvss | epss 0.08

    Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

  • CVE-2007-1890 | Apr 6, 2007
    risk 0.04 | cvss | epss 0.08

    Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff.

  • CVE-2007-1001 | Apr 6, 2007
    risk 0.04 | cvss | epss 0.08

    Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or…

  • CVE-2007-1825 | Apr 2, 2007
    risk 0.04 | cvss | epss 0.10

    Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by…

  • CVE-2007-1777 | Mar 30, 2007
    risk 0.04 | cvss | epss 0.15

    Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.

  • CVE-2007-1718 | Mar 28, 2007
    risk 0.04 | cvss | epss 0.07

    CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To…

  • CVE-2007-1711 | Mar 27, 2007
    risk 0.04 | cvss | epss 0.08

    Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to…

  • CVE-2007-1701 | Mar 27, 2007
    risk 0.04 | cvss | epss 0.09

    PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string…

  • CVE-2007-1700 | Mar 27, 2007
    risk 0.04 | cvss | epss 0.09

    The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted…

  • CVE-2007-1649 | Mar 24, 2007
    risk 0.04 | cvss | epss 0.07

    PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.

  • CVE-2007-1581 | Mar 21, 2007
    risk 0.04 | cvss | epss 0.08

    The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it…

  • CVE-2007-1522 | Mar 20, 2007
    risk 0.04 | cvss | epss 0.07

    Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier…

  • CVE-2007-1521 | Mar 20, 2007
    risk 0.04 | cvss | epss 0.08

    Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.

  • CVE-2007-1453 | Mar 14, 2007
    risk 0.04 | cvss | epss 0.10

    Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte…

  • CVE-2007-1413 | Mar 12, 2007
    risk 0.04 | cvss | epss 0.11

    Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id).

  • CVE-2007-1411 | Mar 10, 2007
    risk 0.04 | cvss | epss 0.07

    Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.

  • CVE-2007-1380 | Mar 10, 2007
    risk 0.04 | cvss | epss 0.09

    The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer…
