Php

Php

711 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2007-5424

  • EPSS 0.32%
  • Published 12.10.2007 23:17:00
  • Last modified 09.04.2025 00:30:58

The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.

5

CVE-2007-5128

  • EPSS 0.35%
  • Published 27.09.2007 19:17:00
  • Last modified 09.04.2025 00:30:58

SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for t...

6.8

CVE-2007-4889

  • EPSS 0.52%
  • Published 14.09.2007 01:17:00
  • Last modified 09.04.2025 00:30:58

The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.

4.3

CVE-2007-4887

  • EPSS 2.35%
  • Published 14.09.2007 00:17:00
  • Last modified 09.04.2025 00:30:58

The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerabilit...

5

CVE-2007-4840

  • EPSS 1.87%
  • Published 12.09.2007 20:17:00
  • Last modified 09.04.2025 00:30:58

PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode...

7.5

CVE-2007-4825

  • EPSS 0.27%
  • Published 12.09.2007 01:17:00
  • Last modified 09.04.2025 00:30:58

Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.

5

CVE-2007-4782

Exploit
  • EPSS 3.84%
  • Published 10.09.2007 21:17:00
  • Last modified 09.04.2025 00:30:58

PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanie...

5

CVE-2007-4783

  • EPSS 1.87%
  • Published 10.09.2007 21:17:00
  • Last modified 09.04.2025 00:30:58

The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) ...

5

CVE-2007-4784

  • EPSS 1.66%
  • Published 10.09.2007 21:17:00
  • Last modified 09.04.2025 00:30:58

The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that su...

5

CVE-2007-4670

  • EPSS 3.91%
  • Published 05.09.2007 00:17:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.