Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 3.03%
  • Veröffentlicht 07.05.2010 23:00:01
  • Zuletzt bearbeitet 16.06.2026 23:19:29

The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, wh...

Exploit
  • EPSS 7.94%
  • Veröffentlicht 26.03.2010 20:30:00
  • Zuletzt bearbeitet 16.06.2026 23:17:34

The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies gener...

  • EPSS 2.54%
  • Veröffentlicht 26.03.2010 20:30:00
  • Zuletzt bearbeitet 16.06.2026 23:17:34

The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the...

Exploit
  • EPSS 9.37%
  • Veröffentlicht 26.03.2010 20:30:00
  • Zuletzt bearbeitet 16.06.2026 23:17:34

session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode ...

Exploit
  • EPSS 11.53%
  • Veröffentlicht 16.03.2010 19:30:00
  • Zuletzt bearbeitet 16.06.2026 23:16:04

The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and a...

  • EPSS 0.97%
  • Veröffentlicht 24.12.2009 17:30:00
  • Zuletzt bearbeitet 16.06.2026 23:13:37

The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: s...

Exploit
  • EPSS 6.5%
  • Veröffentlicht 21.12.2009 16:30:00
  • Zuletzt bearbeitet 16.06.2026 23:13:07

The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks b...

  • EPSS 2.95%
  • Veröffentlicht 21.12.2009 16:30:00
  • Zuletzt bearbeitet 16.06.2026 23:13:07

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.

Exploit
  • EPSS 8.31%
  • Veröffentlicht 01.12.2009 16:30:01
  • Zuletzt bearbeitet 16.06.2026 23:09:52

The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a varia...

Exploit
  • EPSS 11.34%
  • Veröffentlicht 29.11.2009 13:07:32
  • Zuletzt bearbeitet 16.06.2026 23:12:50

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute pr...