Filtered by vendor Php
Subscribe
Total
754 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1287 | 1 Php | 1 Php | 2025-04-09 | 4.3 MEDIUM | N/A |
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388. | |||||
CVE-2007-3007 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function. | |||||
CVE-2008-1384 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions). | |||||
CVE-2008-2371 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2025-04-09 | 7.5 HIGH | N/A |
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches. | |||||
CVE-2006-4812 | 1 Php | 1 Php | 2025-04-09 | 10.0 HIGH | N/A |
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c). | |||||
CVE-2007-3378 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess. | |||||
CVE-2007-1454 | 1 Php | 1 Php | 2025-04-09 | 4.3 MEDIUM | N/A |
ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b. | |||||
CVE-2007-2510 | 1 Php | 1 Php | 2025-04-09 | 5.1 MEDIUM | N/A |
Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters. | |||||
CVE-2007-0909 | 2 Php, Trustix | 2 Php, Secure Linux | 2025-04-09 | 7.5 HIGH | N/A |
Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. | |||||
CVE-2009-3291 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates. | |||||
CVE-2007-1461 | 1 Php | 1 Php | 2025-04-09 | 7.8 HIGH | N/A |
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories. | |||||
CVE-2007-4528 | 1 Php | 1 Php | 2025-04-09 | 4.3 MEDIUM | N/A |
The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. NOTE: this issue does not cross privilege boundaries in most contexts, so perhaps it should not be included in CVE. | |||||
CVE-2007-0907 | 2 Php, Trustix | 2 Php, Secure Linux | 2025-04-09 | 5.0 MEDIUM | N/A |
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. | |||||
CVE-2009-2687 | 2 Debian, Php | 2 Debian Linux, Php | 2025-04-09 | 4.3 MEDIUM | N/A |
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. | |||||
CVE-2007-1399 | 2 Pecl Zip, Php | 2 1.8.3, Php | 2025-04-09 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback. | |||||
CVE-2006-7204 | 1 Php | 1 Php | 2025-04-09 | 2.1 LOW | N/A |
The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents. | |||||
CVE-2006-6383 | 1 Php | 1 Php | 2025-04-09 | 4.6 MEDIUM | N/A |
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. | |||||
CVE-2007-2748 | 1 Php | 1 Php | 2025-04-09 | 4.3 MEDIUM | N/A |
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. | |||||
CVE-2007-1411 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions. | |||||
CVE-2007-1381 | 1 Php | 1 Php | 2025-04-09 | 7.6 HIGH | N/A |
The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow. |