Php

Php

711 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2007-2748

  • EPSS 0.48%
  • Veröffentlicht 17.05.2007 20:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.

2.6

CVE-2007-2727

Exploit
  • EPSS 0.49%
  • Veröffentlicht 16.05.2007 22:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), whi...

5

CVE-2007-2728

  • EPSS 1.27%
  • Veröffentlicht 16.05.2007 22:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid sec...

7.5

CVE-2007-1864

  • EPSS 5.57%
  • Veröffentlicht 09.05.2007 00:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

2.6

CVE-2007-2509

  • EPSS 5.32%
  • Veröffentlicht 09.05.2007 00:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.

5.1

CVE-2007-2510

  • EPSS 4.31%
  • Veröffentlicht 09.05.2007 00:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.

7.2

CVE-2007-2511

  • EPSS 0.1%
  • Veröffentlicht 09.05.2007 00:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.

5

CVE-2007-2369

  • EPSS 5.66%
  • Veröffentlicht 30.04.2007 23:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

5

CVE-2007-1900

  • EPSS 1%
  • Veröffentlicht 10.04.2007 18:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression...

7.8

CVE-2007-1883

Exploit
  • EPSS 0.38%
  • Veröffentlicht 06.04.2007 01:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via t...