Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.83%
  • Veröffentlicht 19.08.2009 05:24:52
  • Zuletzt bearbeitet 16.06.2026 23:03:24

PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) ...

Exploit
  • EPSS 4.38%
  • Veröffentlicht 05.08.2009 19:30:01
  • Zuletzt bearbeitet 16.06.2026 23:10:00

The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.

  • EPSS 2.4%
  • Veröffentlicht 08.04.2009 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:06:54

The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.

  • EPSS 1.97%
  • Veröffentlicht 08.04.2009 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:06:55

The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during ex...

Exploit
  • EPSS 0.95%
  • Veröffentlicht 03.03.2009 16:30:05
  • Zuletzt bearbeitet 16.06.2026 23:05:44

PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied...

Exploit
  • EPSS 1.66%
  • Veröffentlicht 05.01.2009 20:30:02
  • Zuletzt bearbeitet 16.06.2026 23:01:05

PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent attackers to conduct SQL ...

  • EPSS 1.86%
  • Veröffentlicht 02.01.2009 18:11:09
  • Zuletzt bearbeitet 16.06.2026 23:01:02

Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear ...

Exploit
  • EPSS 8.85%
  • Veröffentlicht 26.12.2008 20:30:00
  • Zuletzt bearbeitet 16.06.2026 23:00:07

Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an inde...

Exploit
  • EPSS 7.37%
  • Veröffentlicht 23.12.2008 18:30:03
  • Zuletzt bearbeitet 16.06.2026 23:00:33

Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is n...

Exploit
  • EPSS 4.03%
  • Veröffentlicht 17.12.2008 20:30:01
  • Zuletzt bearbeitet 16.06.2026 23:00:44

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.