Filtered by vendor Php
Subscriptions
Total
771 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4441 | 1 Php | 1 Php | 2025-04-09 | N/A |
| Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function. | ||||
| CVE-2007-2511 | 1 Php | 1 Php | 2025-04-09 | N/A |
| Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors. | ||||
| CVE-2007-4659 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. | ||||
| CVE-2007-4658 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Application Stack | 2025-04-09 | N/A |
| The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. | ||||
| CVE-2007-4657 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2025-04-09 | N/A |
| Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996. | ||||
| CVE-2007-4596 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments. | ||||
| CVE-2007-4507 | 1 Php | 1 Php | 2025-04-09 | N/A |
| Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions. | ||||
| CVE-2007-5128 | 2 Boesch-it, Php | 2 Simpnews, Php | 2025-04-09 | N/A |
| SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows. | ||||
| CVE-2006-6590 | 1 Php | 1 Ar Memberscript | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in usercp_menu.php in AR Memberscript allows remote attackers to execute arbitrary PHP code via a URL in the script_folder parameter. | ||||
| CVE-2006-6592 | 1 Php | 1 Bloq | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow remote attackers to execute arbitrary PHP code via a URL in the page[path] parameter to (1) index.php, (2) admin.php, (3) rss.php, (4) rdf.php, (5) rss2.php, or (6) files/mainfile.php. | ||||
| CVE-2006-6552 | 1 Php | 1 Blog Cms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharing.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DIR_ADMIN parameter. | ||||
| CVE-2007-1900 | 1 Php | 1 Php | 2025-04-09 | N/A |
| CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string. | ||||
| CVE-2009-1271 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function. | ||||
| CVE-2007-4662 | 1 Php | 1 Php | 2025-04-09 | N/A |
| Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors. | ||||
| CVE-2006-6383 | 1 Php | 1 Php | 2025-04-09 | N/A |
| PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. | ||||
| CVE-2008-2050 | 1 Php | 1 Php | 2025-04-09 | N/A |
| Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors. | ||||
| CVE-2007-1888 | 1 Php | 1 Php | 2025-04-09 | N/A |
| Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API. | ||||
| CVE-2006-4812 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Application Stack | 2025-04-09 | N/A |
| Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c). | ||||
| CVE-2007-1521 | 1 Php | 1 Php | 2025-04-09 | N/A |
| Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation. | ||||
| CVE-2007-1885 | 1 Php | 1 Php | 2025-04-09 | N/A |
| Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably the same issue as CVE-2007-0906.6. | ||||