VYPR

PHP

by PHP

Source repositories

CVEs (731)

  • CVE-2007-1717Mar 28, 2007
    risk 0.03cvss epss 0.05

    The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be…

  • CVE-2007-1709Mar 27, 2007
    risk 0.03cvss epss 0.02

    Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string.

  • CVE-2007-1583Mar 21, 2007
    risk 0.03cvss epss 0.05

    The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals…

  • CVE-2007-1584Mar 21, 2007
    risk 0.03cvss epss 0.05

    Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string.

  • CVE-2007-1582Mar 21, 2007
    risk 0.03cvss epss 0.06

    The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to…

  • CVE-2007-1475Mar 16, 2007
    risk 0.03cvss epss 0.02

    Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument.

  • CVE-2007-1484Mar 16, 2007
    risk 0.03cvss epss 0.01

    The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after…

  • CVE-2007-1452Mar 14, 2007
    risk 0.03cvss epss 0.05

    The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.

  • CVE-2007-1412Mar 12, 2007
    risk 0.03cvss epss 0.06

    The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.

  • CVE-2007-1401Mar 10, 2007
    risk 0.03cvss epss 0.01

    Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.

  • CVE-2007-1382Mar 10, 2007
    risk 0.03cvss epss 0.02

    The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.

  • CVE-2007-1287Mar 6, 2007
    risk 0.03cvss epss 0.03

    A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.

  • CVE-2007-0911Feb 13, 2007
    risk 0.03cvss epss 0.05

    Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).

  • CVE-2006-6383Dec 10, 2006
    risk 0.03cvss epss 0.01

    PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but…

  • CVE-2006-5178Oct 10, 2006
    risk 0.03cvss epss 0.01

    Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the…

  • CVE-2006-4625Sep 12, 2006
    risk 0.03cvss epss 0.01

    PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.

  • CVE-2006-4020Aug 8, 2006
    risk 0.03cvss epss 0.02

    scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.

  • CVE-2006-3011Jun 26, 2006
    risk 0.03cvss epss 0.01

    The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.

  • CVE-2006-1549Apr 10, 2006
    risk 0.03cvss epss 0.01

    PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected.

  • CVE-2006-1608Apr 10, 2006
    risk 0.03cvss epss 0.01

    The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.

Page 21 of 37