CVE-2008-7002
- EPSS 0.83%
- Veröffentlicht 19.08.2009 05:24:52
- Zuletzt bearbeitet 16.06.2026 23:03:24
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) ...
CVE-2009-2687
- EPSS 4.38%
- Veröffentlicht 05.08.2009 19:30:01
- Zuletzt bearbeitet 16.06.2026 23:10:00
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
- EPSS 2.4%
- Veröffentlicht 08.04.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:54
The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.
- EPSS 1.97%
- Veröffentlicht 08.04.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:55
The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during ex...
CVE-2009-0754
- EPSS 0.95%
- Veröffentlicht 03.03.2009 16:30:05
- Zuletzt bearbeitet 16.06.2026 23:05:44
PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied...
CVE-2008-5844
- EPSS 1.66%
- Veröffentlicht 05.01.2009 20:30:02
- Zuletzt bearbeitet 16.06.2026 23:01:05
PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent attackers to conduct SQL ...
CVE-2008-5814
- EPSS 1.86%
- Veröffentlicht 02.01.2009 18:11:09
- Zuletzt bearbeitet 16.06.2026 23:01:02
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear ...
- EPSS 8.85%
- Veröffentlicht 26.12.2008 20:30:00
- Zuletzt bearbeitet 16.06.2026 23:00:07
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an inde...
- EPSS 7.37%
- Veröffentlicht 23.12.2008 18:30:03
- Zuletzt bearbeitet 16.06.2026 23:00:33
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is n...
CVE-2008-5658
- EPSS 4.03%
- Veröffentlicht 17.12.2008 20:30:01
- Zuletzt bearbeitet 16.06.2026 23:00:44
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.