Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.98%
  • Veröffentlicht 27.03.2007 01:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:09

Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string.

  • EPSS 0.44%
  • Veröffentlicht 27.03.2007 01:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:09

The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a...

  • EPSS 7.63%
  • Veröffentlicht 27.03.2007 01:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:09

Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was in...

Exploit
  • EPSS 7.21%
  • Veröffentlicht 24.03.2007 00:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:01

PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.

Exploit
  • EPSS 7.92%
  • Veröffentlicht 21.03.2007 23:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:52

The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify in...

  • EPSS 5.92%
  • Veröffentlicht 21.03.2007 23:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:52

The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error ...

  • EPSS 5.24%
  • Veröffentlicht 21.03.2007 23:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:52

The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with...

  • EPSS 5.25%
  • Veröffentlicht 21.03.2007 23:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:52

Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string.

Exploit
  • EPSS 8.49%
  • Veröffentlicht 20.03.2007 20:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:45

Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a...

Exploit
  • EPSS 6.61%
  • Veröffentlicht 20.03.2007 20:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:45

Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which call...