Vendor CVEs: PHP (All CVEs)

764 total · sorted by risk
  • CVE-2007-2369 · Apr 30, 2007
    risk 0.04 · cvss · epss 0.08

    Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

  • CVE-2007-1890 · Apr 6, 2007
    risk 0.04 · cvss · epss 0.08

    Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff.

  • CVE-2007-1001 · Apr 6, 2007
    risk 0.04 · cvss · epss 0.08

    Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or…

  • CVE-2007-1825 · Apr 2, 2007
    risk 0.04 · cvss · epss 0.10

    Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by…

  • CVE-2007-1777 · Mar 30, 2007
    risk 0.04 · cvss · epss 0.15

    Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.

  • CVE-2007-1718 · Mar 28, 2007
    risk 0.04 · cvss · epss 0.07

    CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To…

  • CVE-2007-1700 · Mar 27, 2007
    risk 0.04 · cvss · epss 0.09

    The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted…

  • CVE-2007-1711 · Mar 27, 2007
    risk 0.04 · cvss · epss 0.08

    Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to…

  • CVE-2007-1701 · Mar 27, 2007
    risk 0.04 · cvss · epss 0.09

    PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string…

  • CVE-2007-1649 · Mar 24, 2007
    risk 0.04 · cvss · epss 0.07

    PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.

  • CVE-2007-1581 · Mar 21, 2007
    risk 0.04 · cvss · epss 0.08

    The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it…

  • CVE-2007-1522 · Mar 20, 2007
    risk 0.04 · cvss · epss 0.07

    Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier…

  • CVE-2007-1521 · Mar 20, 2007
    risk 0.04 · cvss · epss 0.08

    Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.

  • CVE-2007-1453 · Mar 14, 2007
    risk 0.04 · cvss · epss 0.10

    Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte…

  • CVE-2007-1413 · Mar 12, 2007
    risk 0.04 · cvss · epss 0.11

    Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id).

  • CVE-2007-1411 · Mar 10, 2007
    risk 0.04 · cvss · epss 0.07

    Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.

  • CVE-2007-1376 · Mar 10, 2007
    risk 0.04 · cvss · epss 0.10

    The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate…

  • CVE-2007-1375 · Mar 10, 2007
    risk 0.04 · cvss · epss 0.08

    Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.

  • CVE-2007-1381 · Mar 10, 2007
    risk 0.04 · cvss · epss 0.09

    The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code…

  • CVE-2007-1380 · Mar 10, 2007
    risk 0.04 · cvss · epss 0.09

    The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer…

  • CVE-2007-1359 · Mar 8, 2007
    risk 0.04 · cvss · epss 0.07

    Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still…

  • CVE-2007-0908 · Feb 13, 2007
    risk 0.04 · cvss · epss 0.12

    The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with…

  • CVE-2006-4812 · Oct 10, 2006
    risk 0.04 · cvss · epss 0.15

    Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function…

  • CVE-2006-0996 · Apr 10, 2006
    risk 0.04 · cvss · epss 0.11

    Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.

  • CVE-2006-1015 · Mar 7, 2006
    risk 0.04 · cvss · epss 0.11

    Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and…

  • CVE-2006-0097 · Jan 6, 2006
    risk 0.04 · cvss · epss 0.09

    Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the…

  • CVE-2004-1020 · Jan 10, 2005
    risk 0.04 · cvss · epss 0.07

    The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the…

  • CVE-2004-1018 · Jan 10, 2005
    risk 0.04 · cvss · epss 0.16

    Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or…

  • CVE-2004-1392 · Dec 31, 2004
    risk 0.04 · cvss · epss 0.10

    PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.

  • CVE-2004-0958 · Nov 3, 2004
    risk 0.04 · cvss · epss 0.10

    php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.

  • CVE-2003-0863 · Nov 17, 2003
    risk 0.04 · cvss · epss 0.07

    The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file…

  • CVE-2003-0442 · Jul 24, 2003
    risk 0.04 · cvss · epss 0.07

    Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.

  • CVE-2003-0166 · Apr 2, 2003
    risk 0.04 · cvss · epss 0.14

    Integer signedness error in the emalloc() function for PHP before 4.3.2 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other…

  • CVE-2002-1954 · Dec 31, 2002
    risk 0.04 · cvss · epss 0.12

    Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.

  • CVE-2002-0484 · Aug 12, 2002
    risk 0.04 · cvss · epss 0.10

    move_uploaded_file in PHP does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.

  • CVE-2002-0229 · May 16, 2002
    risk 0.04 · cvss · epss 0.10

    Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.

  • CVE-2001-1246 · Jun 30, 2001
    risk 0.04 · cvss · epss 0.10

    PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

  • CVE-2001-0042 · Feb 16, 2001
    risk 0.04 · cvss · epss 0.09

    PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.

  • CVE-2000-0059 · Jan 4, 2000
    risk 0.04 · cvss · epss 0.11

    PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.

  • CVE-1999-0068 · Oct 19, 1997
    risk 0.04 · cvss · epss 0.07

    CGI PHP mylog script allows an attacker to read any file on the target server.

  • CVE-1999-0238 · Aug 1, 1997
    risk 0.04 · cvss · epss 0.06

    php.cgi allows attackers to read any file on the system.

  • CVE-2015-3329 · Jun 9, 2015
    risk 0.03 · cvss · epss 0.38

    Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

  • CVE-2012-5381 · Oct 11, 2012
    risk 0.03 · cvss · epss 0.01

    Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP directory, which may be added to the PATH system environment…

  • CVE-2012-2335 · May 11, 2012
    risk 0.03 · cvss · epss 0.33

    php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string…

  • CVE-2008-7002 · Aug 19, 2009
    risk 0.03 · cvss · epss 0.01

    PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4)…

  • CVE-2008-6616 · Apr 6, 2009
    risk 0.03 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are…

  • CVE-2008-6615 · Apr 6, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to execute arbitrary SQL commands via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are obtained solely…

  • CVE-2009-0754 · Mar 3, 2009
    risk 0.03 · cvss · epss 0.01

    PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on…

  • CVE-2008-4334 · Sep 30, 2008
    risk 0.03 · cvss · epss 0.02

    PHP infoBoard V.7 Plus allows remote attackers to bypass authentication and gain administrative access by setting the infouser cookie to 1.

  • CVE-2007-4850 · Jan 25, 2008
    risk 0.03 · cvss · epss 0.06

    curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
