PHP

All CVEs

763 total · sorted by risk
  • CVE-2008-0373 · Jan 22, 2008
    risk 0.00 · cvss · epss 0.02

    Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files.

  • CVE-2008-0145 · Jan 8, 2008
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663.

  • CVE-2007-6512 · Dec 21, 2007
    risk 0.00 · cvss · epss 0.01

    PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc.

  • CVE-2007-5899 · Nov 20, 2007
    risk 0.00 · cvss · epss 0.03

    The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten…

  • CVE-2007-5898 · Nov 20, 2007
    risk 0.00 · cvss · epss 0.03

    The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.

  • CVE-2007-5900 · Nov 20, 2007
    risk 0.00 · cvss · epss 0.00

    PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.

  • CVE-2007-5424 · Oct 12, 2007
    risk 0.00 · cvss · epss 0.02

    The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.

  • CVE-2007-5128 · Sep 27, 2007
    risk 0.00 · cvss · epss 0.01

    SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via a certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows.

  • CVE-2007-4889 · Sep 14, 2007
    risk 0.00 · cvss · epss 0.01

    The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.

  • CVE-2007-4887 · Sep 14, 2007
    risk 0.00 · cvss · epss 0.02

    The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.

  • CVE-2007-4840 · Sep 12, 2007
    risk 0.00 · cvss · epss 0.03

    PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3)…

  • CVE-2007-4825 · Sep 12, 2007
    risk 0.00 · cvss · epss 0.03

    Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.

  • CVE-2007-4784 · Sep 10, 2007
    risk 0.00 · cvss · epss 0.03

    The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads,…

  • CVE-2007-4782 · Sep 10, 2007
    risk 0.00 · cvss · epss 0.05

    PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter…

  • CVE-2007-4783 · Sep 10, 2007
    risk 0.00 · cvss · epss 0.04

    The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service…

  • CVE-2007-4670 · Sep 5, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.

  • CVE-2007-4663 · Sep 4, 2007
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.

  • CVE-2007-4662 · Sep 4, 2007
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.

  • CVE-2007-4661 · Sep 4, 2007
    risk 0.00 · cvss · epss 0.02

    The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer…

  • CVE-2007-4659 · Sep 4, 2007
    risk 0.00 · cvss · epss 0.03

    The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.

  • CVE-2007-4658 · Sep 4, 2007
    risk 0.00 · cvss · epss 0.02

    The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.

  • CVE-2007-4660 · Sep 4, 2007
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.

  • CVE-2007-4657 · Sep 4, 2007
    risk 0.00 · cvss · epss 0.03

    Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an…

  • CVE-2007-3996 · Sep 4, 2007
    risk 0.00 · cvss · epss 0.04

    Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx…

  • CVE-2007-3998 · Sep 4, 2007
    risk 0.00 · cvss · epss 0.03

    The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated…

  • CVE-2007-3378 · Jun 29, 2007
    risk 0.00 · cvss · epss 0.05

    The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as…

  • CVE-2007-3205 · Jun 13, 2007
    risk 0.00 · cvss · epss 0.02

    The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is…

  • CVE-2007-3007 · Jun 4, 2007
    risk 0.00 · cvss · epss 0.03

    PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the…

  • CVE-2007-2844 · May 24, 2007
    risk 0.00 · cvss · epss 0.03

    PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain…

  • CVE-2006-7205 · May 24, 2007
    risk 0.00 · cvss · epss 0.01

    The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value.

  • CVE-2006-7204 · May 22, 2007
    risk 0.00 · cvss · epss 0.00

    The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.

  • CVE-2007-2748 · May 17, 2007
    risk 0.00 · cvss · epss 0.01

    The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.

  • CVE-2007-2727 · May 16, 2007
    risk 0.00 · cvss · epss 0.02

    The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow…

  • CVE-2007-2728 · May 16, 2007
    risk 0.00 · cvss · epss 0.02

    The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue.

  • CVE-2007-2511 · May 9, 2007
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.

  • CVE-2007-2510 · May 9, 2007
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.

  • CVE-2007-1864 · May 9, 2007
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

  • CVE-2007-2509 · May 9, 2007
    risk 0.00 · cvss · epss 0.02

    CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.

  • CVE-2007-1900 · Apr 10, 2007
    risk 0.00 · cvss · epss 0.02

    CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent…

  • CVE-2007-1887 · Apr 6, 2007
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the…

  • CVE-2007-1885 · Apr 6, 2007
    risk 0.00 · cvss · epss 0.04

    Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. …

  • CVE-2007-1884 · Apr 6, 2007
    risk 0.00 · cvss · epss 0.03

    Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function…

  • CVE-2007-1888 · Apr 6, 2007
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a…

  • CVE-2007-1883 · Apr 6, 2007
    risk 0.00 · cvss · epss 0.01

    PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which…

  • CVE-2007-1889 · Apr 6, 2007
    risk 0.00 · cvss · epss 0.03

    Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a…

  • CVE-2007-1886 · Apr 6, 2007
    risk 0.00 · cvss · epss 0.02

    Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow."

  • CVE-2007-1824 · Apr 2, 2007
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.

  • CVE-2007-1710 · Mar 27, 2007
    risk 0.00 · cvss · epss 0.00

    The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a…

  • CVE-2007-1454 · Mar 14, 2007
    risk 0.00 · cvss · epss 0.01

    ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace…

  • CVE-2007-1461 · Mar 14, 2007
    risk 0.00 · cvss · epss 0.02

    The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories.