VYPR

Vendor CVEs

PHP

All CVEs

764 total · sorted by risk
  • CVE-2007-6039Nov 20, 2007
    risk 0.03cvss epss 0.01

    PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4)…

  • CVE-2007-5653Oct 23, 2007
    risk 0.03cvss epss 0.05

    The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding…

  • CVE-2007-5447Oct 14, 2007
    risk 0.03cvss epss 0.05

    ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the…

  • CVE-2007-4652Sep 4, 2007
    risk 0.03cvss epss 0.01

    The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.

  • CVE-2007-4528Aug 25, 2007
    risk 0.03cvss epss 0.05

    The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. …

  • CVE-2007-4507Aug 23, 2007
    risk 0.03cvss epss 0.06

    Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4)…

  • CVE-2007-4441Aug 21, 2007
    risk 0.03cvss epss 0.02

    Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function.

  • CVE-2007-4010Jul 26, 2007
    risk 0.03cvss epss 0.06

    The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.

  • CVE-2007-3790Jul 15, 2007
    risk 0.03cvss epss 0.03

    The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.

  • CVE-2007-1835Apr 3, 2007
    risk 0.03cvss epss 0.01

    PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.

  • CVE-2007-1717Mar 28, 2007
    risk 0.03cvss epss 0.05

    The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be…

  • CVE-2007-1709Mar 27, 2007
    risk 0.03cvss epss 0.02

    Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string.

  • CVE-2007-1584Mar 21, 2007
    risk 0.03cvss epss 0.05

    Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string.

  • CVE-2007-1583Mar 21, 2007
    risk 0.03cvss epss 0.05

    The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals…

  • CVE-2007-1582Mar 21, 2007
    risk 0.03cvss epss 0.06

    The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to…

  • CVE-2007-1475Mar 16, 2007
    risk 0.03cvss epss 0.02

    Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument.

  • CVE-2007-1484Mar 16, 2007
    risk 0.03cvss epss 0.01

    The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after…

  • CVE-2007-1452Mar 14, 2007
    risk 0.03cvss epss 0.05

    The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.

  • CVE-2007-1412Mar 12, 2007
    risk 0.03cvss epss 0.06

    The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.

  • CVE-2007-1401Mar 10, 2007
    risk 0.03cvss epss 0.01

    Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.

  • CVE-2007-1382Mar 10, 2007
    risk 0.03cvss epss 0.02

    The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.

  • CVE-2007-1287Mar 6, 2007
    risk 0.03cvss epss 0.03

    A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.

  • CVE-2007-0911Feb 13, 2007
    risk 0.03cvss epss 0.05

    Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).

  • CVE-2006-6592Dec 15, 2006
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow remote attackers to execute arbitrary PHP code via a URL in the page[path] parameter to (1) index.php, (2) admin.php, (3) rss.php, (4) rdf.php, (5) rss2.php, or (6) files/mainfile.php.

  • CVE-2006-6590Dec 15, 2006
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in usercp_menu.php in AR Memberscript allows remote attackers to execute arbitrary PHP code via a URL in the script_folder parameter.

  • CVE-2006-6552Dec 14, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharing.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DIR_ADMIN parameter.

  • CVE-2006-6545Dec 14, 2006
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in includes/common.php in the ErrorDocs 1.0.0 and earlier module for mxBB (mx_errordocs) allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

  • CVE-2006-6383Dec 10, 2006
    risk 0.03cvss epss 0.01

    PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but…

  • CVE-2006-5178Oct 10, 2006
    risk 0.03cvss epss 0.01

    Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the…

  • CVE-2006-4625Sep 12, 2006
    risk 0.03cvss epss 0.01

    PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.

  • CVE-2006-4020Aug 8, 2006
    risk 0.03cvss epss 0.02

    scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.

  • CVE-2006-3011Jun 26, 2006
    risk 0.03cvss epss 0.01

    The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.

  • CVE-2006-1549Apr 10, 2006
    risk 0.03cvss epss 0.01

    PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected.

  • CVE-2006-1608Apr 10, 2006
    risk 0.03cvss epss 0.01

    The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.

  • CVE-2006-1494Apr 10, 2006
    risk 0.03cvss epss 0.06

    Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.

  • CVE-2006-1014Mar 7, 2006
    risk 0.03cvss epss 0.01

    Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by…

  • CVE-2002-2309Dec 31, 2002
    risk 0.03cvss epss 0.04

    php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.

  • CVE-2015-4026Jun 9, 2015
    risk 0.02cvss epss 0.20

    The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a…

  • CVE-2015-4025Jun 9, 2015
    risk 0.02cvss epss 0.20

    PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a…

  • CVE-2015-4022Jun 9, 2015
    risk 0.02cvss epss 0.21

    Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.

  • CVE-2015-4021Jun 9, 2015
    risk 0.02cvss epss 0.21

    The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer…

  • CVE-2015-2331Mar 30, 2015
    risk 0.02cvss epss 0.28

    Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application…

  • CVE-2014-9705Mar 30, 2015
    risk 0.02cvss epss 0.19

    Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

  • CVE-2014-3670Oct 29, 2014
    risk 0.02cvss epss 0.23

    The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application…

  • CVE-2014-3669Oct 29, 2014
    risk 0.02cvss epss 0.29

    Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the…

  • CVE-2014-3668Oct 29, 2014
    risk 0.02cvss epss 0.27

    Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a…

  • CVE-2014-3515Jul 9, 2014
    risk 0.02cvss epss 0.30

    The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable…

  • CVE-2014-2497Mar 21, 2014
    risk 0.02cvss epss 0.22

    The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

  • CVE-2006-0200Jan 13, 2006
    risk 0.02cvss epss 0.19

    Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.

  • CVE-2004-0542Aug 6, 2004
    risk 0.02cvss epss 0.31

    PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd…

Page 9 of 16