Filtered by vendor Php
Subscribe
Total
744 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2687 | 2 Debian, Php | 2 Debian Linux, Php | 2025-04-09 | 4.3 MEDIUM | N/A |
| The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. | |||||
| CVE-2007-1383 | 1 Php | 1 Php | 2025-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286. | |||||
| CVE-2007-1890 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
| Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff. | |||||
| CVE-2007-1379 | 1 Php | 1 Php | 2025-04-09 | 5.1 MEDIUM | N/A |
| The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code. | |||||
| CVE-2007-4659 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
| The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. | |||||
| CVE-2007-1381 | 1 Php | 1 Php | 2025-04-09 | 7.6 HIGH | N/A |
| The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow. | |||||
| CVE-2008-7068 | 1 Php | 1 Php | 2025-04-09 | 6.4 MEDIUM | N/A |
| The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file. | |||||
| CVE-2007-1711 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
| Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007). | |||||
| CVE-2007-1887 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character. | |||||
| CVE-2009-1272 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction. | |||||
| CVE-2008-0145 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663. | |||||
| CVE-2007-1886 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
| Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow." | |||||
| CVE-2007-1825 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3. | |||||
| CVE-2007-2511 | 1 Php | 1 Php | 2025-04-09 | 7.2 HIGH | N/A |
| Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors. | |||||
| CVE-2007-4840 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. | |||||
| CVE-2008-5625 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
| PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file. | |||||
| CVE-2008-5658 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences. | |||||
| CVE-2007-1484 | 1 Php | 1 Php | 2025-04-09 | 4.6 MEDIUM | N/A |
| The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called. | |||||
| CVE-2007-0905 | 2 Php, Trustix | 2 Php, Secure Linux | 2025-04-09 | 7.5 HIGH | N/A |
| PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383. | |||||
| CVE-2007-3205 | 2 Hardened-php Project, Php | 3 Hardened-php, Subhosin, Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin. | |||||