CVE-2007-0911
- EPSS 5.27%
- Veröffentlicht 13.02.2007 23:28:00
- Zuletzt bearbeitet 16.06.2026 22:36:32
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
CVE-2007-0455
- EPSS 11.69%
- Veröffentlicht 30.01.2007 17:28:00
- Zuletzt bearbeitet 16.06.2026 22:35:36
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded...
CVE-2006-6383
- EPSS 1.09%
- Veröffentlicht 10.12.2006 20:28:00
- Zuletzt bearbeitet 16.06.2026 22:33:00
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP v...
CVE-2006-5706
- EPSS 0.33%
- Veröffentlicht 04.11.2006 01:07:00
- Zuletzt bearbeitet 16.06.2026 22:31:41
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector migh...
CVE-2006-5465
- EPSS 7.51%
- Veröffentlicht 04.11.2006 00:07:00
- Zuletzt bearbeitet 16.06.2026 22:31:15
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
- EPSS 15.39%
- Veröffentlicht 10.10.2006 04:06:00
- Zuletzt bearbeitet 16.06.2026 22:29:50
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend En...
CVE-2006-5178
- EPSS 0.65%
- Veröffentlicht 10.10.2006 04:06:00
- Zuletzt bearbeitet 16.06.2026 22:30:40
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before t...
CVE-2006-4625
- EPSS 0.91%
- Veröffentlicht 12.09.2006 16:07:00
- Zuletzt bearbeitet 16.06.2026 22:29:28
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
CVE-2006-4481
- EPSS 1.45%
- Veröffentlicht 31.08.2006 21:04:00
- Zuletzt bearbeitet 16.06.2026 22:29:11
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_o...
CVE-2006-4482
- EPSS 4.49%
- Veröffentlicht 31.08.2006 21:04:00
- Zuletzt bearbeitet 16.06.2026 22:29:11
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990...