Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:php:php:5.1.0:-:*:*:*:*:*:*
There are 387 matching records.
Displaying matches 281 through 300.
Vuln ID Summary CVSS Severity
CVE-2008-5814

Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.

Published: January 02, 2009; 1:11:09 PM -0500
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2008-5498

Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.

Published: December 26, 2008; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2008-5557

Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.

Published: December 23, 2008; 1:30:03 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-5658

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.

Published: December 17, 2008; 3:30:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-5625

PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.

Published: December 17, 2008; 12:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-5624

PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting of /etc for the error_log variable.

Published: December 17, 2008; 12:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-4107

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.

Published: September 18, 2008; 1:59:33 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2008-2666

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.

Published: June 19, 2008; 9:41:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2008-2107

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.

Published: May 07, 2008; 5:20:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-2108

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.

Published: May 07, 2008; 5:20:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-0599

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

Published: May 05, 2008; 1:20:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-2050

Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.

Published: May 05, 2008; 1:20:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-2051

The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."

Published: May 05, 2008; 1:20:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-1384

Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions).

Published: March 27, 2008; 1:44:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-5899

The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.

Published: November 20, 2007; 2:46:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-6039

PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.

Published: November 20, 2007; 2:46:00 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2007-5898

The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.

Published: November 20, 2007; 1:46:00 PM -0500
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2007-5900

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.

Published: November 20, 2007; 1:46:00 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2007-5653

The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function.

Published: October 23, 2007; 5:47:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-4889

The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.

Published: September 13, 2007; 9:17:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM