CVE-2006-2563
- EPSS 0.41%
- Veröffentlicht 29.05.2006 16:02:00
- Zuletzt bearbeitet 16.06.2026 22:25:20
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.
- EPSS 10.38%
- Veröffentlicht 24.04.2006 23:02:00
- Zuletzt bearbeitet 16.06.2026 22:24:05
Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer ov...
CVE-2006-1991
- EPSS 2.19%
- Veröffentlicht 24.04.2006 23:02:00
- Zuletzt bearbeitet 16.06.2026 22:24:05
The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.
CVE-2006-1549
- EPSS 0.86%
- Veröffentlicht 10.04.2006 22:58:00
- Zuletzt bearbeitet 16.06.2026 22:23:10
PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected.
CVE-2006-1494
- EPSS 6.24%
- Veröffentlicht 10.04.2006 19:02:00
- Zuletzt bearbeitet 16.06.2026 22:23:03
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.
CVE-2006-1608
- EPSS 1.1%
- Veröffentlicht 10.04.2006 19:02:00
- Zuletzt bearbeitet 16.06.2026 22:23:17
The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.
CVE-2006-0996
- EPSS 10.81%
- Veröffentlicht 10.04.2006 18:06:00
- Zuletzt bearbeitet 16.06.2026 22:21:48
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents...
- EPSS 20.51%
- Veröffentlicht 29.03.2006 21:06:00
- Zuletzt bearbeitet 16.06.2026 22:22:46
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safet...
CVE-2006-1014
- EPSS 1.3%
- Veröffentlicht 07.03.2006 00:02:00
- Zuletzt bearbeitet 16.06.2026 22:21:51
Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and crea...
CVE-2006-1015
- EPSS 11.08%
- Veröffentlicht 07.03.2006 00:02:00
- Zuletzt bearbeitet 16.06.2026 22:21:51
Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary ...