Filtered by vendor Php
Subscriptions
Filtered by product Php
Subscriptions
Total
730 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1700 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable. | ||||
| CVE-2007-4596 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments. | ||||
| CVE-2007-1649 | 1 Php | 1 Php | 2025-04-09 | N/A |
| PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed. | ||||
| CVE-2007-1522 | 1 Php | 1 Php | 2025-04-09 | N/A |
| Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors. | ||||
| CVE-2007-4652 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink. | ||||
| CVE-2007-4659 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. | ||||
| CVE-2007-4660 | 1 Php | 1 Php | 2025-04-09 | N/A |
| Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. | ||||
| CVE-2007-4661 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872. | ||||
| CVE-2007-1453 | 1 Php | 1 Php | 2025-04-09 | N/A |
| Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer. | ||||
| CVE-2007-4670 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Application Stack | 2025-04-09 | N/A |
| Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285. | ||||
| CVE-2007-1412 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument. | ||||
| CVE-2007-1411 | 1 Php | 1 Php | 2025-04-09 | N/A |
| Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions. | ||||
| CVE-2007-1396 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in applications, should be included in CVE. However, it has been fixed by the vendor. | ||||
| CVE-2007-1286 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Stronghold | 2025-04-09 | N/A |
| Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter. | ||||
| CVE-2007-1460 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories. | ||||
| CVE-2007-5424 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled. | ||||
| CVE-2008-7068 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file. | ||||
| CVE-2007-5653 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function. | ||||
| CVE-2007-1285 | 5 Canonical, Novell, Php and 2 more | 10 Ubuntu Linux, Suse Linux, Php and 7 more | 2025-04-09 | 7.5 High |
| The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. | ||||
| CVE-2007-1399 | 2 Pecl Zip, Php | 2 1.8.3, Php | 2025-04-09 | N/A |
| Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback. | ||||