Filtered by vendor Php
Subscribe
Total
737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-6552 | 1 Php | 1 Blog Cms | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharing.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DIR_ADMIN parameter. | |||||
CVE-2007-6512 | 1 Php | 1 Mysql Banner Exchange | 2024-02-28 | 5.0 MEDIUM | N/A |
PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc. | |||||
CVE-2007-4010 | 1 Php | 1 Php | 2024-02-28 | 6.8 MEDIUM | N/A |
The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function. | |||||
CVE-2007-4782 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. | |||||
CVE-2007-1521 | 1 Php | 1 Php | 2024-02-28 | 6.8 MEDIUM | N/A |
Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation. | |||||
CVE-2007-4507 | 1 Php | 1 Php | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions. | |||||
CVE-2006-7204 | 1 Php | 1 Php | 2024-02-28 | 2.1 LOW | N/A |
The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents. | |||||
CVE-2007-4033 | 2 Php, T1lib | 2 Php, T1lib | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3. | |||||
CVE-2006-6545 | 1 Php | 1 Errordocs | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in includes/common.php in the ErrorDocs 1.0.0 and earlier module for mxBB (mx_errordocs) allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
CVE-2007-1484 | 1 Php | 1 Php | 2024-02-28 | 4.6 MEDIUM | N/A |
The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called. | |||||
CVE-2007-4825 | 1 Php | 1 Php | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function. | |||||
CVE-2007-1581 | 1 Php | 1 Php | 2024-02-28 | 9.3 HIGH | N/A |
The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected. | |||||
CVE-2007-4663 | 1 Php | 1 Php | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function. | |||||
CVE-2007-0907 | 2 Php, Trustix | 2 Php, Secure Linux | 2024-02-28 | 5.0 MEDIUM | N/A |
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. | |||||
CVE-2006-5178 | 1 Php | 1 Php | 2024-02-28 | 6.2 MEDIUM | N/A |
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink. | |||||
CVE-2007-0905 | 2 Php, Trustix | 2 Php, Secure Linux | 2024-02-28 | 7.5 HIGH | N/A |
PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383. | |||||
CVE-2007-1885 | 1 Php | 1 Php | 2024-02-28 | 7.5 HIGH | N/A |
Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably the same issue as CVE-2007-0906.6. | |||||
CVE-2007-2369 | 2 Php, Webspell | 2 Php, Webspell | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
CVE-2007-1286 | 1 Php | 1 Php | 2024-02-28 | 6.8 MEDIUM | N/A |
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter. | |||||
CVE-2007-1890 | 1 Php | 1 Php | 2024-02-28 | 7.5 HIGH | N/A |
Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff. |