CVE-2008-2107
- EPSS 3.39%
- Veröffentlicht 07.05.2008 21:20:00
- Zuletzt bearbeitet 16.06.2026 22:53:06
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subse...
CVE-2008-2108
- EPSS 4.29%
- Veröffentlicht 07.05.2008 21:20:00
- Zuletzt bearbeitet 16.06.2026 22:53:07
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy a...
- EPSS 10.92%
- Veröffentlicht 05.05.2008 17:20:00
- Zuletzt bearbeitet 16.06.2026 22:49:57
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
- EPSS 3.44%
- Veröffentlicht 05.05.2008 17:20:00
- Zuletzt bearbeitet 16.06.2026 22:53:00
Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.
- EPSS 3.1%
- Veröffentlicht 05.05.2008 17:20:00
- Zuletzt bearbeitet 16.06.2026 22:53:00
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
- EPSS 2.14%
- Veröffentlicht 27.03.2008 17:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:38
Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring f...
- EPSS 5.58%
- Veröffentlicht 25.01.2008 01:00:00
- Zuletzt bearbeitet 16.06.2026 22:44:54
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vuln...
CVE-2008-0145
- EPSS 2.31%
- Veröffentlicht 08.01.2008 19:46:00
- Zuletzt bearbeitet 16.06.2026 22:49:01
Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663.
CVE-2007-5899
- EPSS 3.39%
- Veröffentlicht 20.11.2007 19:46:00
- Zuletzt bearbeitet 16.06.2026 22:46:59
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as ...
CVE-2007-6039
- EPSS 1.03%
- Veröffentlicht 20.11.2007 19:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:18
PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the ...