Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.41%
  • Veröffentlicht 29.05.2006 16:02:00
  • Zuletzt bearbeitet 16.06.2026 22:25:20

The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.

Exploit
  • EPSS 10.38%
  • Veröffentlicht 24.04.2006 23:02:00
  • Zuletzt bearbeitet 16.06.2026 22:24:05

Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer ov...

Exploit
  • EPSS 2.19%
  • Veröffentlicht 24.04.2006 23:02:00
  • Zuletzt bearbeitet 16.06.2026 22:24:05

The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.

Exploit
  • EPSS 0.86%
  • Veröffentlicht 10.04.2006 22:58:00
  • Zuletzt bearbeitet 16.06.2026 22:23:10

PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected.

Exploit
  • EPSS 6.24%
  • Veröffentlicht 10.04.2006 19:02:00
  • Zuletzt bearbeitet 16.06.2026 22:23:03

Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.

Exploit
  • EPSS 1.1%
  • Veröffentlicht 10.04.2006 19:02:00
  • Zuletzt bearbeitet 16.06.2026 22:23:17

The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.

Exploit
  • EPSS 10.81%
  • Veröffentlicht 10.04.2006 18:06:00
  • Zuletzt bearbeitet 16.06.2026 22:21:48

Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents...

  • EPSS 20.51%
  • Veröffentlicht 29.03.2006 21:06:00
  • Zuletzt bearbeitet 16.06.2026 22:22:46

PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safet...

Exploit
  • EPSS 1.3%
  • Veröffentlicht 07.03.2006 00:02:00
  • Zuletzt bearbeitet 16.06.2026 22:21:51

Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and crea...

  • EPSS 11.08%
  • Veröffentlicht 07.03.2006 00:02:00
  • Zuletzt bearbeitet 16.06.2026 22:21:51

Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary ...