Vendor CVEs
PHP
All CVEs
763 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-0373 | | | 0.00 | — | 0.02 | | Jan 22, 2008 | Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files. |
| CVE-2008-0145 | | | 0.00 | — | 0.02 | | Jan 8, 2008 | Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663. |
| CVE-2007-6512 | | | 0.00 | — | 0.01 | | Dec 21, 2007 | PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc. |
| CVE-2007-5899 | | | 0.00 | — | 0.03 | | Nov 20, 2007 | The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten… |
| CVE-2007-5898 | | | 0.00 | — | 0.03 | | Nov 20, 2007 | The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465. |
| CVE-2007-5900 | | | 0.00 | — | 0.00 | | Nov 20, 2007 | PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625. |
| CVE-2007-5424 | | | 0.00 | — | 0.02 | | Oct 12, 2007 | The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled. |
| CVE-2007-5128 | | | 0.00 | — | 0.01 | | Sep 27, 2007 | SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via a certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows. |
| CVE-2007-4889 | | | 0.00 | — | 0.01 | | Sep 14, 2007 | The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997. |
| CVE-2007-4887 | | | 0.00 | — | 0.02 | | Sep 14, 2007 | The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability. |
| CVE-2007-4840 | | | 0.00 | — | 0.03 | | Sep 12, 2007 | PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3)… |
| CVE-2007-4825 | | | 0.00 | — | 0.03 | | Sep 12, 2007 | Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function. |
| CVE-2007-4784 | | | 0.00 | — | 0.03 | | Sep 10, 2007 | The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads,… |
| CVE-2007-4782 | | | 0.00 | — | 0.05 | | Sep 10, 2007 | PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter… |
| CVE-2007-4783 | | | 0.00 | — | 0.04 | | Sep 10, 2007 | The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service… |
| CVE-2007-4670 | | | 0.00 | — | 0.02 | | Sep 5, 2007 | Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285. |
| CVE-2007-4663 | | | 0.00 | — | 0.02 | | Sep 4, 2007 | Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function. |
| CVE-2007-4662 | | | 0.00 | — | 0.03 | | Sep 4, 2007 | Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors. |
| CVE-2007-4661 | | | 0.00 | — | 0.02 | | Sep 4, 2007 | The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer… |
| CVE-2007-4659 | | | 0.00 | — | 0.03 | | Sep 4, 2007 | The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. |
| CVE-2007-4658 | | | 0.00 | — | 0.02 | | Sep 4, 2007 | The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. |
| CVE-2007-4660 | | | 0.00 | — | 0.03 | | Sep 4, 2007 | Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. |
| CVE-2007-4657 | | | 0.00 | — | 0.03 | | Sep 4, 2007 | Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an… |
| CVE-2007-3996 | | | 0.00 | — | 0.04 | | Sep 4, 2007 | Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx… |
| CVE-2007-3998 | | | 0.00 | — | 0.03 | | Sep 4, 2007 | The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated… |
| CVE-2007-3378 | | | 0.00 | — | 0.05 | | Jun 29, 2007 | The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as… |
| CVE-2007-3205 | | | 0.00 | — | 0.02 | | Jun 13, 2007 | The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is… |
| CVE-2007-3007 | | | 0.00 | — | 0.03 | | Jun 4, 2007 | PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the… |
| CVE-2007-2844 | | | 0.00 | — | 0.03 | | May 24, 2007 | PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain… |
| CVE-2006-7205 | | | 0.00 | — | 0.01 | | May 24, 2007 | The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value. |
| CVE-2006-7204 | | | 0.00 | — | 0.00 | | May 22, 2007 | The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents. |
| CVE-2007-2748 | | | 0.00 | — | 0.01 | | May 17, 2007 | The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. |
| CVE-2007-2727 | | | 0.00 | — | 0.02 | | May 16, 2007 | The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow… |
| CVE-2007-2728 | | | 0.00 | — | 0.02 | | May 16, 2007 | The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue. |
| CVE-2007-2511 | | | 0.00 | — | 0.00 | | May 9, 2007 | Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors. |
| CVE-2007-2510 | | | 0.00 | — | 0.02 | | May 9, 2007 | Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters. |
| CVE-2007-1864 | | | 0.00 | — | 0.03 | | May 9, 2007 | Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors. |
| CVE-2007-2509 | | | 0.00 | — | 0.02 | | May 9, 2007 | CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands. |
| CVE-2007-1900 | | | 0.00 | — | 0.02 | | Apr 10, 2007 | CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent… |
| CVE-2007-1887 | | | 0.00 | — | 0.05 | | Apr 6, 2007 | Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the… |
| CVE-2007-1885 | | | 0.00 | — | 0.04 | | Apr 6, 2007 | Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. … |
| CVE-2007-1884 | | | 0.00 | — | 0.03 | | Apr 6, 2007 | Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function… |
| CVE-2007-1888 | | | 0.00 | — | 0.03 | | Apr 6, 2007 | Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a… |
| CVE-2007-1883 | | | 0.00 | — | 0.01 | | Apr 6, 2007 | PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which… |
| CVE-2007-1889 | | | 0.00 | — | 0.03 | | Apr 6, 2007 | Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a… |
| CVE-2007-1886 | | | 0.00 | — | 0.02 | | Apr 6, 2007 | Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow." |
| CVE-2007-1824 | | | 0.00 | — | 0.03 | | Apr 2, 2007 | Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character. |
| CVE-2007-1710 | | | 0.00 | — | 0.00 | | Mar 27, 2007 | The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a… |
| CVE-2007-1454 | | | 0.00 | — | 0.01 | | Mar 14, 2007 | ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace… |
| CVE-2007-1461 | | | 0.00 | — | 0.02 | | Mar 14, 2007 | The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories. |