PHP

by PHP

CVEs (730)

  • CVE-2008-3660 (Aug 15, 2008)
    risk 0.00 cvss epss 0.03

    PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

  • CVE-2008-2829 (Jun 23, 2008)
    risk 0.00 cvss epss 0.05

    php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow"…

  • CVE-2008-2665 (Jun 20, 2008)
    risk 0.00 cvss epss 0.03

    Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has…

  • CVE-2008-2107 (May 7, 2008)
    risk 0.00 cvss epss 0.03

    The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and…

  • CVE-2008-2050 (May 5, 2008)
    risk 0.00 cvss epss 0.03

    Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.

  • CVE-2008-2051 (May 5, 2008)
    risk 0.00 cvss epss 0.03

    The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."

  • CVE-2008-1384 (Mar 27, 2008)
    risk 0.00 cvss epss 0.02

    Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c…

  • CVE-2008-0145 (Jan 8, 2008)
    risk 0.00 cvss epss 0.02

    Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663.

  • CVE-2007-5899 (Nov 20, 2007)
    risk 0.00 cvss epss 0.03

    The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten…

  • CVE-2007-5900 (Nov 20, 2007)
    risk 0.00 cvss epss 0.00

    PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.

  • CVE-2007-5898 (Nov 20, 2007)
    risk 0.00 cvss epss 0.03

    The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.

  • CVE-2007-5424 (Oct 12, 2007)
    risk 0.00 cvss epss 0.02

    The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.

  • CVE-2007-5128 (Sep 27, 2007)
    risk 0.00 cvss epss 0.01

    SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via a certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows.

  • CVE-2007-4889 (Sep 14, 2007)
    risk 0.00 cvss epss 0.01

    The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.

  • CVE-2007-4887 (Sep 14, 2007)
    risk 0.00 cvss epss 0.02

    The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.

  • CVE-2007-4840 (Sep 12, 2007)
    risk 0.00 cvss epss 0.03

    PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3)…

  • CVE-2007-4825 (Sep 12, 2007)
    risk 0.00 cvss epss 0.03

    Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.

  • CVE-2007-4784 (Sep 10, 2007)
    risk 0.00 cvss epss 0.03

    The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads,…

  • CVE-2007-4783 (Sep 10, 2007)
    risk 0.00 cvss epss 0.04

    The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service…

  • CVE-2007-4782 (Sep 10, 2007)
    risk 0.00 cvss epss 0.05

    PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter…
