Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.7%
  • Veröffentlicht 04.06.2007 17:30:00
  • Zuletzt bearbeitet 16.06.2026 22:40:52

PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this ...

Exploit
  • EPSS 7.11%
  • Veröffentlicht 24.05.2007 18:30:00
  • Zuletzt bearbeitet 16.06.2026 22:35:35

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the s...

  • EPSS 2.86%
  • Veröffentlicht 24.05.2007 18:30:00
  • Zuletzt bearbeitet 16.06.2026 22:40:32

PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite interna...

  • EPSS 0.36%
  • Veröffentlicht 22.05.2007 19:30:00
  • Zuletzt bearbeitet 16.06.2026 22:34:34

The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.

  • EPSS 1.4%
  • Veröffentlicht 17.05.2007 20:30:00
  • Zuletzt bearbeitet 16.06.2026 22:40:14

The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.

Exploit
  • EPSS 1.86%
  • Veröffentlicht 16.05.2007 22:30:00
  • Zuletzt bearbeitet 16.06.2026 22:40:11

The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), whi...

  • EPSS 2.42%
  • Veröffentlicht 16.05.2007 22:30:00
  • Zuletzt bearbeitet 16.06.2026 22:40:12

The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid sec...

  • EPSS 2.92%
  • Veröffentlicht 09.05.2007 00:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:27

Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

  • EPSS 2.07%
  • Veröffentlicht 09.05.2007 00:19:00
  • Zuletzt bearbeitet 16.06.2026 22:39:44

CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.

  • EPSS 2.3%
  • Veröffentlicht 09.05.2007 00:19:00
  • Zuletzt bearbeitet 16.06.2026 22:39:44

Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.