Php

Php

714 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2007-1286

Exploit
  • EPSS 87.01%
  • Veröffentlicht 06.03.2007 20:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.

4.3

CVE-2007-1287

Exploit
  • EPSS 23.12%
  • Veröffentlicht 06.03.2007 20:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as origina...

4.3

CVE-2007-0988

  • EPSS 1.88%
  • Veröffentlicht 20.02.2007 17:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only caus...

7.5

CVE-2007-0905

  • EPSS 1.76%
  • Veröffentlicht 13.02.2007 23:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.

7.5

CVE-2007-0906

  • EPSS 2.17%
  • Veröffentlicht 13.02.2007 23:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) s...

5

CVE-2007-0907

  • EPSS 3.09%
  • Veröffentlicht 13.02.2007 23:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.

5

CVE-2007-0908

  • EPSS 16.54%
  • Veröffentlicht 13.02.2007 23:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element ...

7.5

CVE-2007-0909

  • EPSS 3.51%
  • Veröffentlicht 13.02.2007 23:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.

10

CVE-2007-0910

  • EPSS 8.11%
  • Veröffentlicht 13.02.2007 23:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.

7.8

CVE-2007-0911

Exploit
  • EPSS 9.71%
  • Veröffentlicht 13.02.2007 23:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).