Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-4143 |
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive. Published: December 21, 2009; 11:30:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-4142 |
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. Published: December 21, 2009; 11:30:00 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2009-2626 |
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. Published: December 01, 2009; 11:30:01 AM -0500 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2009-4018 |
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable. Published: November 29, 2009; 8:07:32 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-3293 |
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index." Published: September 22, 2009; 6:30:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-3292 |
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing." Published: September 22, 2009; 6:30:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-3291 |
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates. Published: September 22, 2009; 6:30:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-7068 |
The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file. Published: August 25, 2009; 6:30:00 AM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2008-5814 |
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208. Published: January 02, 2009; 1:11:09 PM -0500 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2008-4107 |
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102. Published: September 18, 2008; 1:59:33 PM -0400 |
V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2007-2844 |
PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access. Published: May 24, 2007; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-2727 |
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys. Published: May 16, 2007; 6:30:00 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2007-2509 |
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands. Published: May 08, 2007; 8:19:00 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2007-2510 |
Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters. Published: May 08, 2007; 8:19:00 PM -0400 |
V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2007-2511 |
Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors. Published: May 08, 2007; 8:19:00 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2007-1883 |
PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain convert_to_* functions with its input parameters. Published: April 05, 2007; 9:19:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2007-1884 |
Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location. Published: April 05, 2007; 9:19:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-1885 |
Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably the same issue as CVE-2007-0906.6. Published: April 05, 2007; 9:19:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2007-1888 |
Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API. Published: April 05, 2007; 9:19:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2007-1890 |
Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff. Published: April 05, 2007; 9:19:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |