Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.14%
  • Veröffentlicht 04.09.2007 22:17:00
  • Zuletzt bearbeitet 16.06.2026 22:44:32

Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.

  • EPSS 0.61%
  • Veröffentlicht 04.09.2007 19:17:00
  • Zuletzt bearbeitet 16.06.2026 22:44:30

The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.

  • EPSS 4.22%
  • Veröffentlicht 04.09.2007 18:17:00
  • Zuletzt bearbeitet 16.06.2026 22:43:12

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a la...

Exploit
  • EPSS 13.82%
  • Veröffentlicht 04.09.2007 18:17:00
  • Zuletzt bearbeitet 16.06.2026 22:43:12

The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.

  • EPSS 2.99%
  • Veröffentlicht 04.09.2007 18:17:00
  • Zuletzt bearbeitet 16.06.2026 22:43:12

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certai...

Exploit
  • EPSS 7.78%
  • Veröffentlicht 30.08.2007 18:17:00
  • Zuletzt bearbeitet 16.06.2026 22:44:24

The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.

  • EPSS 9.45%
  • Veröffentlicht 29.08.2007 01:17:00
  • Zuletzt bearbeitet 16.06.2026 22:44:22

Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to...

  • EPSS 4.7%
  • Veröffentlicht 25.08.2007 00:17:00
  • Zuletzt bearbeitet 16.06.2026 22:44:15

The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll...

  • EPSS 5.83%
  • Veröffentlicht 23.08.2007 19:17:00
  • Zuletzt bearbeitet 16.06.2026 22:44:13

Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getuserg...

  • EPSS 1.52%
  • Veröffentlicht 21.08.2007 00:17:00
  • Zuletzt bearbeitet 16.06.2026 22:44:06

Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function.