Filtered by vendor Php
Subscribe
Total
727 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-3062 | 1 Php | 1 Php | 2010-12-06 | 5.0 MEDIUM | N/A |
mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function. | |||||
CVE-2010-2093 | 1 Php | 1 Php | 2010-12-06 | 5.0 MEDIUM | N/A |
Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs. | |||||
CVE-2010-1866 | 1 Php | 1 Php | 2010-09-29 | 7.5 HIGH | N/A |
The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder. | |||||
CVE-2010-1129 | 1 Php | 1 Php | 2010-08-30 | 7.5 HIGH | N/A |
The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function. | |||||
CVE-2010-1868 | 1 Php | 1 Php | 2010-05-10 | 7.5 HIGH | N/A |
The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory. | |||||
CVE-2010-1861 | 1 Php | 1 Php | 2010-05-09 | 6.4 MEDIUM | N/A |
The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource. | |||||
CVE-2009-1272 | 1 Php | 1 Php | 2009-09-15 | 5.0 MEDIUM | N/A |
The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction. | |||||
CVE-2008-7002 | 1 Php | 1 Php | 2009-08-18 | 7.2 HIGH | N/A |
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation. | |||||
CVE-2008-5844 | 1 Php | 1 Php | 2009-05-13 | 7.5 HIGH | N/A |
PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent attackers to conduct SQL injection attacks and unspecified other attacks. | |||||
CVE-2007-0448 | 1 Php | 1 Php | 2008-09-10 | 10.0 HIGH | N/A |
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI. | |||||
CVE-2002-0121 | 1 Php | 1 Php | 2008-09-10 | 2.1 LOW | N/A |
PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections. | |||||
CVE-2001-1246 | 1 Php | 1 Php | 2008-09-10 | 7.5 HIGH | N/A |
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. | |||||
CVE-2000-0059 | 1 Php | 1 Php | 2008-09-10 | 10.0 HIGH | N/A |
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands. | |||||
CVE-1999-0346 | 1 Php | 1 Php Fi | 2008-09-09 | 5.0 MEDIUM | N/A |
CGI PHP mlog script allows an attacker to read any file on the target server. | |||||
CVE-1999-0068 | 1 Php | 1 Php | 2008-09-09 | 7.5 HIGH | N/A |
CGI PHP mylog script allows an attacker to read any file on the target server. | |||||
CVE-1999-0058 | 1 Php | 1 Php | 2008-09-09 | 7.5 HIGH | N/A |
Buffer overflow in PHP cgi program, php.cgi allows shell access. | |||||
CVE-2007-1452 | 1 Php | 1 Php | 2008-09-05 | 5.0 MEDIUM | N/A |
The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST. | |||||
CVE-2007-1454 | 1 Php | 1 Php | 2008-09-05 | 4.3 MEDIUM | N/A |
ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b. | |||||
CVE-2007-1381 | 1 Php | 1 Php | 2008-09-05 | 7.6 HIGH | N/A |
The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow. | |||||
CVE-2007-1453 | 1 Php | 1 Php | 2008-09-05 | 7.5 HIGH | N/A |
Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer. |