Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 9.33%
  • Veröffentlicht 08.08.2007 23:17:00
  • Zuletzt bearbeitet 16.06.2026 22:43:41

Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.

Exploit
  • EPSS 18.66%
  • Veröffentlicht 27.07.2007 22:30:00
  • Zuletzt bearbeitet 16.06.2026 22:43:16

Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloa...

Exploit
  • EPSS 5.53%
  • Veröffentlicht 26.07.2007 00:30:00
  • Zuletzt bearbeitet 16.06.2026 22:43:14

The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.

  • EPSS 10.74%
  • Veröffentlicht 17.07.2007 00:30:00
  • Zuletzt bearbeitet 16.06.2026 22:42:46

The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platform...

  • EPSS 7.92%
  • Veröffentlicht 16.07.2007 22:30:00
  • Zuletzt bearbeitet 16.06.2026 22:42:45

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the sessio...

  • EPSS 3.02%
  • Veröffentlicht 15.07.2007 23:30:00
  • Zuletzt bearbeitet 16.06.2026 22:42:44

The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.

Exploit
  • EPSS 5.33%
  • Veröffentlicht 29.06.2007 18:30:00
  • Zuletzt bearbeitet 16.06.2026 22:41:52

The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execu...

  • EPSS 9.39%
  • Veröffentlicht 20.06.2007 21:30:00
  • Zuletzt bearbeitet 16.06.2026 22:41:26

Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unsp...

  • EPSS 2.08%
  • Veröffentlicht 13.06.2007 10:30:00
  • Zuletzt bearbeitet 16.06.2026 22:41:16

The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it ...

  • EPSS 8.88%
  • Veröffentlicht 04.06.2007 17:30:00
  • Zuletzt bearbeitet 16.06.2026 22:40:36

Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.