Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 7.84%
  • Veröffentlicht 06.04.2007 01:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:30

Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff...

  • EPSS 8.32%
  • Veröffentlicht 06.04.2007 00:19:00
  • Zuletzt bearbeitet 16.06.2026 22:36:44

Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) ...

  • EPSS 0.69%
  • Veröffentlicht 03.04.2007 00:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:23

PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.

Exploit
  • EPSS 2.62%
  • Veröffentlicht 02.04.2007 23:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:22

Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.

Exploit
  • EPSS 10.38%
  • Veröffentlicht 02.04.2007 23:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:22

Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue...

Exploit
  • EPSS 15.33%
  • Veröffentlicht 30.03.2007 01:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:16

Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, tr...

Exploit
  • EPSS 4.65%
  • Veröffentlicht 28.03.2007 00:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:10

The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NO...

Exploit
  • EPSS 6.69%
  • Veröffentlicht 28.03.2007 00:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:10

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of...

Exploit
  • EPSS 9.02%
  • Veröffentlicht 27.03.2007 01:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:08

The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbit...

  • EPSS 9.23%
  • Veröffentlicht 27.03.2007 01:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:08

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling se...