Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 2.22%
  • Veröffentlicht 17.12.2008 17:30:00
  • Zuletzt bearbeitet 16.06.2026 23:00:40

PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to b...

Exploit
  • EPSS 7.31%
  • Veröffentlicht 17.12.2008 17:30:00
  • Zuletzt bearbeitet 16.06.2026 23:00:41

PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log"...

  • EPSS 3.01%
  • Veröffentlicht 18.09.2008 17:59:33
  • Zuletzt bearbeitet 16.06.2026 22:57:11

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by ...

Exploit
  • EPSS 6.85%
  • Veröffentlicht 15.08.2008 00:41:00
  • Zuletzt bearbeitet 16.06.2026 22:56:15

Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

  • EPSS 6.03%
  • Veröffentlicht 15.08.2008 00:41:00
  • Zuletzt bearbeitet 16.06.2026 22:56:15

Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function...

  • EPSS 3.35%
  • Veröffentlicht 15.08.2008 00:41:00
  • Zuletzt bearbeitet 16.06.2026 22:56:15

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

Exploit
  • EPSS 6.73%
  • Veröffentlicht 07.07.2008 23:41:00
  • Zuletzt bearbeitet 16.06.2026 22:53:39

Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins ...

  • EPSS 5.27%
  • Veröffentlicht 23.06.2008 20:41:00
  • Zuletzt bearbeitet 16.06.2026 22:54:34

php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c lega...

Exploit
  • EPSS 3.38%
  • Veröffentlicht 20.06.2008 01:41:00
  • Zuletzt bearbeitet 16.06.2026 22:54:11

Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after...

  • EPSS 13.92%
  • Veröffentlicht 20.06.2008 01:41:00
  • Zuletzt bearbeitet 16.06.2026 22:54:11

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to ...