Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 2.37%
  • Veröffentlicht 16.03.2007 21:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:39

Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument.

Exploit
  • EPSS 1.11%
  • Veröffentlicht 16.03.2007 21:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:40

The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operatio...

  • EPSS 5.15%
  • Veröffentlicht 14.03.2007 18:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:36

The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.

Exploit
  • EPSS 9.52%
  • Veröffentlicht 14.03.2007 18:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:36

Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes...

  • EPSS 1.3%
  • Veröffentlicht 14.03.2007 18:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:36

ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by...

  • EPSS 1.92%
  • Veröffentlicht 14.03.2007 18:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:37

The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.

  • EPSS 2.2%
  • Veröffentlicht 14.03.2007 18:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:37

The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended direct...

Exploit
  • EPSS 5.84%
  • Veröffentlicht 12.03.2007 23:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:32

The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.

Exploit
  • EPSS 11.09%
  • Veröffentlicht 12.03.2007 23:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:32

Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object...

  • EPSS 1.86%
  • Veröffentlicht 10.03.2007 22:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:30

The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritte...