PHP
by PHP
Source repositories
CVEs (731)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-0042 | 0.04 | — | 0.09 | Feb 16, 2001 | PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences. | |||
| CVE-2000-0059 | 0.04 | — | 0.11 | Jan 4, 2000 | PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands. | |||
| CVE-1999-0068 | 0.04 | — | 0.07 | Oct 19, 1997 | CGI PHP mylog script allows an attacker to read any file on the target server. | |||
| CVE-1999-0238 | 0.04 | — | 0.06 | Aug 1, 1997 | php.cgi allows attackers to read any file on the system. | |||
| CVE-2015-3329 | 0.03 | — | 0.38 | Jun 9, 2015 | Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. | |||
| CVE-2012-5381 | 0.03 | — | 0.01 | Oct 11, 2012 | Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP directory, which may be added to the PATH system environment… | |||
| CVE-2012-2335 | 0.03 | — | 0.33 | May 11, 2012 | php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string… | |||
| CVE-2008-7002 | 0.03 | — | 0.01 | Aug 19, 2009 | PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4)… | |||
| CVE-2009-0754 | 0.03 | — | 0.01 | Mar 3, 2009 | PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on… | |||
| CVE-2007-4850 | 0.03 | — | 0.06 | Jan 25, 2008 | curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563. | |||
| CVE-2007-6039 | 0.03 | — | 0.01 | Nov 20, 2007 | PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4)… | |||
| CVE-2007-5653 | 0.03 | — | 0.05 | Oct 23, 2007 | The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding… | |||
| CVE-2007-5447 | 0.03 | — | 0.05 | Oct 14, 2007 | ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the… | |||
| CVE-2007-4652 | 0.03 | — | 0.01 | Sep 4, 2007 | The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink. | |||
| CVE-2007-4528 | 0.03 | — | 0.05 | Aug 25, 2007 | The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. … | |||
| CVE-2007-4507 | 0.03 | — | 0.06 | Aug 23, 2007 | Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4)… | |||
| CVE-2007-4441 | 0.03 | — | 0.02 | Aug 21, 2007 | Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function. | |||
| CVE-2007-4010 | 0.03 | — | 0.06 | Jul 26, 2007 | The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function. | |||
| CVE-2007-3790 | 0.03 | — | 0.03 | Jul 15, 2007 | The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument. | |||
| CVE-2007-1835 | 0.03 | — | 0.01 | Apr 3, 2007 | PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions. |
- CVE-2001-0042Feb 16, 2001risk 0.04cvss —epss 0.09
PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
- CVE-2000-0059Jan 4, 2000risk 0.04cvss —epss 0.11
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
- CVE-1999-0068Oct 19, 1997risk 0.04cvss —epss 0.07
CGI PHP mylog script allows an attacker to read any file on the target server.
- CVE-1999-0238Aug 1, 1997risk 0.04cvss —epss 0.06
php.cgi allows attackers to read any file on the system.
- CVE-2015-3329Jun 9, 2015risk 0.03cvss —epss 0.38
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
- CVE-2012-5381Oct 11, 2012risk 0.03cvss —epss 0.01
Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP directory, which may be added to the PATH system environment…
- CVE-2012-2335May 11, 2012risk 0.03cvss —epss 0.33
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string…
- CVE-2008-7002Aug 19, 2009risk 0.03cvss —epss 0.01
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4)…
- CVE-2009-0754Mar 3, 2009risk 0.03cvss —epss 0.01
PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on…
- CVE-2007-4850Jan 25, 2008risk 0.03cvss —epss 0.06
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
- CVE-2007-6039Nov 20, 2007risk 0.03cvss —epss 0.01
PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4)…
- CVE-2007-5653Oct 23, 2007risk 0.03cvss —epss 0.05
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding…
- CVE-2007-5447Oct 14, 2007risk 0.03cvss —epss 0.05
ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the…
- CVE-2007-4652Sep 4, 2007risk 0.03cvss —epss 0.01
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
- CVE-2007-4528Aug 25, 2007risk 0.03cvss —epss 0.05
The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. …
- CVE-2007-4507Aug 23, 2007risk 0.03cvss —epss 0.06
Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4)…
- CVE-2007-4441Aug 21, 2007risk 0.03cvss —epss 0.02
Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function.
- CVE-2007-4010Jul 26, 2007risk 0.03cvss —epss 0.06
The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.
- CVE-2007-3790Jul 15, 2007risk 0.03cvss —epss 0.03
The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.
- CVE-2007-1835Apr 3, 2007risk 0.03cvss —epss 0.01
PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.
Page 20 of 37