Php

Php

711 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4

CVE-2008-3659

  • EPSS 14.23%
  • Published 15.08.2008 00:41:00
  • Last modified 09.04.2025 00:30:58

Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function...

5

CVE-2008-3660

  • EPSS 15.97%
  • Published 15.08.2008 00:41:00
  • Last modified 09.04.2025 00:30:58

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

7.5

CVE-2008-2371

Exploit
  • EPSS 4.13%
  • Published 07.07.2008 23:41:00
  • Last modified 09.04.2025 00:30:58

Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins ...

5

CVE-2008-2829

  • EPSS 8.21%
  • Published 23.06.2008 20:41:00
  • Last modified 09.04.2025 00:30:58

php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c lega...

5

CVE-2008-2665

Exploit
  • EPSS 3.57%
  • Published 20.06.2008 01:41:00
  • Last modified 09.04.2025 00:30:58

Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after...

5

CVE-2008-2666

  • EPSS 7.27%
  • Published 20.06.2008 01:41:00
  • Last modified 09.04.2025 00:30:58

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to ...

7.5

CVE-2008-2107

Exploit
  • EPSS 2.6%
  • Published 07.05.2008 21:20:00
  • Last modified 09.04.2025 00:30:58

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subse...

9.8

CVE-2008-2108

Exploit
  • EPSS 4.74%
  • Published 07.05.2008 21:20:00
  • Last modified 09.04.2025 00:30:58

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy a...

10

CVE-2008-0599

Exploit
  • EPSS 52.94%
  • Published 05.05.2008 17:20:00
  • Last modified 09.04.2025 00:30:58

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

10

CVE-2008-2050

Exploit
  • EPSS 6.65%
  • Published 05.05.2008 17:20:00
  • Last modified 09.04.2025 00:30:58

Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.