{
"checks": [
{
"threat": "5.0",
"cveid": "CVE-2000-0860",
"summary": "The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables. \nPublish Date : 2000-11-14 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.1"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2000-0967",
"summary": "PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs. \nPublish Date : 2000-12-19 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.1"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2001-0108",
"summary": "PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. \n Publish Date : 2001-03-12 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.0.5"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2001-1246",
"summary": "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. \n Publish Date : 2001-06-30 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.0.6"
]
}
},
{
"threat": "6.4",
"cveid": "CVE-2001-1247",
"summary": "PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files. \n Publish Date : 2001-12-06 Last Update Date : 2012-06-25",
"fixVersions": {
"base": [
"4.0.6"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2001-1385",
"summary": "The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts. \n Publish Date : 2001-01-12 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.0.5"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2002-0081",
"summary": "Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart\/form-data HTTP POST request when file_uploads is enabled. \n Publish Date : 2002-03-08 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.7",
"4.1.2"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2002-0121",
"summary": "PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections. \n Publish Date : 2002-03-25 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.0.7",
"4.1.3"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2002-0229",
"summary": "Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using \"LOAD DATA INFILE LOCAL\" SQL statements. \n Publish Date : 2002-05-16 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.0.7",
"4.1.3"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2002-0253",
"summary": "PHP, when not configured with the \"display_errors = Off\" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path. \n Publish Date : 2002-05-29 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.0.7",
"4.1.3"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2002-0484",
"summary": "move_uploaded_file in PHP does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. \n Publish Date : 2002-08-12 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2002-0717",
"summary": "PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart\/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed. \n Publish Date : 2002-07-26 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.2.2"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2002-0985",
"summary": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. \n Publish Date : 2002-09-24 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.3"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2002-0986",
"summary": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\" \n Publish Date : 2002-09-24 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.3"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2002-1396",
"summary": "Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code. \n Publish Date : 2003-01-17 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.1.3",
"4.2.4"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2002-1783",
"summary": "CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions. \n Publish Date : 2002-12-31 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2002-1954",
"summary": "Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php. \n Publish Date : 2002-12-31 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.2.4"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2002-2214",
"summary": "The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long \"To\" header. \n Publish Date : 2002-12-31 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.2.2"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2002-2215",
"summary": "The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of \"To\" addresses, which triggers an error in the rfc822_write_address function. \n Publish Date : 2002-12-31 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4"
]
}
},
{
"threat": "7.8",
"cveid": "CVE-2002-2309",
"summary": "php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments. \n Publish Date : 2002-12-31 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.3"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2003-0097",
"summary": "Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect). \nPublish Date : 2003-03-03 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.3.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2003-0166",
"summary": "Integer signedness error in emalloc() function for PHP before 4.3.2 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions. \n Publish Date : 2003-04-02 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.2"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2003-0172",
"summary": "Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument. \n Publish Date : 2003-04-02 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.3.2"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2003-0249",
"summary": "** DISPUTED ** PHP treats unknown methods such as \"PoSt\" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying \"It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report.\" \n Publish Date : 2003-12-31 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.4.7"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2003-0442",
"summary": "Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter. \n Publish Date : 2003-07-24 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.3.2"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2003-0860",
"summary": "Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors. \n Publish Date : 2003-11-17 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.3"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2003-0861",
"summary": "Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors. \n Publish Date : 2003-11-17 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.3"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2003-0863",
"summary": "The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications. \n Publish Date : 2003-11-17 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.3.3"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2003-1302",
"summary": "The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of \"\\\" (backslash) characters. \n Publish Date : 2003-12-31 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.2.4",
"4.3.1"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2003-1303",
"summary": "Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header. \n Publish Date : 2003-12-31 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.3.3"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2004-0542",
"summary": "PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the \"%\", \"|\", or \">\" characters to the escapeshellcmd function, or (2) the \"%\" character to the escapeshellarg function. \n Publish Date : 2004-08-06 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.4.7"
]
}
},
{
"threat": "5.1",
"cveid": "CVE-2004-0594",
"summary": "The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. \nPublish Date : 2004-07-27 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.8",
"5.0.1"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2004-0595",
"summary": "The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. \nPublish Date : 2004-07-27 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.8",
"5.0.1"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2004-0958",
"summary": "php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length. \n Publish Date : 2004-11-03 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"5.0.3"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2004-0959",
"summary": "rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the \"$_FILES\" array to be modified. \n Publish Date : 2004-11-03 Last Update Date : 2013-09-11",
"fixVersions": {
"base": [
"5.0.3"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2004-1019",
"summary": "The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger \"information disclosure, double-free and negative reference index array underflow\" results. \nPublish Date : 2005-01-10 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.10",
"5.0.3"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2004-1020",
"summary": "The addslashes function in PHP 4.3.9 does not properly escape a NULL (\/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. \n Publish Date : 2005-01-10 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"4.3.10",
"5.0.3"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2004-1065",
"summary": "Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file. \nPublish Date : 2005-01-10 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.10",
"5.0.3"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2004-1392",
"summary": "PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function. \n Publish Date : 2004-12-31 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2005-0524",
"summary": "The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value. \n Publish Date : 2005-05-02 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.2.3",
"4.3.11",
"5.0.4"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2005-0525",
"summary": "The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek. \n Publish Date : 2005-05-02 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.2.3",
"4.3.11",
"5.0.4"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2005-0596",
"summary": "PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size. \nPublish Date : 2005-05-02 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2005-1042",
"summary": "Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count. \n Publish Date : 2005-05-02 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.3.11"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2005-1043",
"summary": "exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. \nPublish Date : 2005-04-14 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.3.11"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2005-3054",
"summary": "fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory. \n Publish Date : 2005-09-26 Last Update Date : 2010-04-02",
"fixVersions": {
"base": [
"4.4.1"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2005-3319",
"summary": "The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost. \n Publish Date : 2005-10-27 Last Update Date : 2010-04-02",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.1",
"5.0.6"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2005-3353",
"summary": "The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image. \n Publish Date : 2005-11-18 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.7",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.1"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2005-3388",
"summary": "Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a \"stacked array assignment.\" \n Publish Date : 2005-11-01 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.1",
"5.0.6"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2005-3389",
"summary": "The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected. \n Publish Date : 2005-11-01 Last Update Date : 2013-07-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.1",
"5.0.6"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2005-3390",
"summary": "The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart\/form-data POST request with a \"GLOBALS\" fileupload field. \n Publish Date : 2005-11-01 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.1",
"5.0.6"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2005-3391",
"summary": "Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext\/curl and (2) ext\/gd. \n Publish Date : 2005-11-01 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2005-3392",
"summary": "Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives. \n Publish Date : 2005-11-01 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.1"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2005-3883",
"summary": "CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the \"To\" address argument. \n Publish Date : 2005-11-29 Last Update Date : 2013-08-18",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.2",
"5.0.6"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2006-0097",
"summary": "Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function. \n Publish Date : 2006-01-06 Last Update Date : 2011-08-01",
"fixVersions": {
"base": [
"4.3.11",
"4.4.3"
]
}
},
{
"threat": "9.3",
"cveid": "CVE-2006-0200",
"summary": "Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages. \n Publish Date : 2006-01-13 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.1.2"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2006-0207",
"summary": "Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext\/session) and the (2) header function. \n Publish Date : 2006-01-13 Last Update Date : 2011-09-09",
"fixVersions": {
"base": [
"5.0.6",
"5.1.2"
]
}
},
{
"threat": "2.6",
"cveid": "CVE-2006-0208",
"summary": "Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. \n Publish Date : 2006-01-13 Last Update Date : 2011-09-13",
"fixVersions": {
"base": [
"4.0.7",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.3",
"5.0.6",
"5.1.2"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2006-0996",
"summary": "Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. \n Publish Date : 2006-04-10 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.4.3",
"5.1.3"
]
}
},
{
"threat": "3.2",
"cveid": "CVE-2006-1014",
"summary": "Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE. \n Publish Date : 2006-03-06 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.1",
"4.2.0",
"4.3.12",
"4.4.2",
"5.0.6",
"5.1.1"
]
}
},
{
"threat": "6.4",
"cveid": "CVE-2006-1015",
"summary": "Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE. \n Publish Date : 2006-03-06 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.3",
"5.0.6",
"5.1.3"
]
}
},
{
"threat": "9.3",
"cveid": "CVE-2006-1017",
"summary": "The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions. \n Publish Date : 2006-03-06 Last Update Date : 2011-07-14",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.4",
"5.0.6",
"5.1.5"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2006-1490",
"summary": "PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a \"binary safety\" issue. NOTE: this issue has been referred to as a \"memory leak,\" but it is an information leak that discloses memory contents. \n Publish Date : 2006-03-29 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.3",
"5.0.6",
"5.1.3"
]
}
},
{
"threat": "2.6",
"cveid": "CVE-2006-1494",
"summary": "Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function. \n Publish Date : 2006-04-10 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.3",
"5.0.6",
"5.1.3"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2006-1549",
"summary": "PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected. \n Publish Date : 2006-04-10 Last Update Date : 2011-08-23",
"fixVersions": {
"base": [
"4.4.3",
"5.1.3"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2006-1608",
"summary": "The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:\/\/ URI. \n Publish Date : 2006-04-10 Last Update Date : 2010-04-02",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.3",
"5.0.6",
"5.1.3"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2006-1990",
"summary": "Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. \n Publish Date : 2006-04-24 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.4.3",
"5.1.3"
]
}
},
{
"threat": "6.4",
"cveid": "CVE-2006-1991",
"summary": "The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument. \n Publish Date : 2006-04-24 Last Update Date : 2011-06-13",
"fixVersions": {
"base": [
"5.1.3"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2006-2563",
"summary": "The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:\/\/ request containing null characters. \n Publish Date : 2006-05-29 Last Update Date : 2010-04-02",
"fixVersions": {
"base": [
"4.4.3",
"5.1.5"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2006-2660",
"summary": "Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename. \n Publish Date : 2006-06-13 Last Update Date : 2010-04-02",
"fixVersions": {
"base": [
"4.0.6",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.4",
"5.1.5"
]
}
},
{
"threat": "4.6",
"cveid": "CVE-2006-3011",
"summary": "The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a \"php:\/\/\" or other scheme in the third argument, which disables safe mode. \n Publish Date : 2006-06-26 Last Update Date : 2011-07-11",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.4",
"5.0.6",
"5.1.7"
]
}
},
{
"threat": "9.3",
"cveid": "CVE-2006-3017",
"summary": "zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. \nPublish Date : 2006-06-14 Last Update Date : 2010-09-15",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.3",
"5.0.6",
"5.1.3"
]
}
},
{
"threat": "4.6",
"cveid": "CVE-2006-4020",
"summary": "scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read. \n Publish Date : 2006-08-08 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.4",
"5.0.6",
"5.1.5"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2006-4023",
"summary": "The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner. \n Publish Date : 2006-08-08 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.3.4",
"5.0.3",
"5.1.5"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2006-4433",
"summary": "PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file. NOTE: it could be argued that this not a vulnerability in PHP itself, rather a design limitation that enables certain attacks against session handlers that do not account for this limitation. \n Publish Date : 2006-08-28 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.3",
"5.0.6",
"5.1.3"
]
}
},
{
"threat": "7.2",
"cveid": "CVE-2006-4481",
"summary": "The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017. \n Publish Date : 2006-08-31 Last Update Date : 2010-09-15",
"fixVersions": {
"base": [
"5.1.5"
]
}
},
{
"threat": "9.3",
"cveid": "CVE-2006-4482",
"summary": "Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext\/standard\/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990. \n Publish Date : 2006-08-31 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"5.1.5"
]
}
},
{
"threat": "9.3",
"cveid": "CVE-2006-4483",
"summary": "The cURL extension files (1) ext\/curl\/interface.c and (2) ext\/curl\/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache. \n Publish Date : 2006-08-31 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.1.5"
]
}
},
{
"threat": "2.6",
"cveid": "CVE-2006-4484",
"summary": "Buffer overflow in the LWZReadByte_ function in ext\/gd\/libgd\/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array. \n Publish Date : 2006-08-31 Last Update Date : 2010-09-15",
"fixVersions": {
"base": [
"5.1.5"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2006-4485",
"summary": "The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read. \n Publish Date : 2006-08-31 Last Update Date : 2010-09-15",
"fixVersions": {
"base": [
"5.1.5"
]
}
},
{
"threat": "2.6",
"cveid": "CVE-2006-4486",
"summary": "Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction. \n Publish Date : 2006-08-31 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"5.1.6"
]
}
},
{
"threat": "3.6",
"cveid": "CVE-2006-4625",
"summary": "PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults. \n Publish Date : 2006-09-12 Last Update Date : 2010-09-15",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.5",
"5.0.6",
"5.1.7"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2006-4812",
"summary": "Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend\/zend_alloc.c). \n Publish Date : 2006-10-10 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"5.0.6",
"5.1.7"
]
}
},
{
"threat": "6.2",
"cveid": "CVE-2006-5178",
"summary": "Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink. \n Publish Date : 2006-10-10 Last Update Date : 2010-09-15",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.5",
"5.0.6",
"5.1.7"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2006-5465",
"summary": "Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions. \n Publish Date : 2006-11-03 Last Update Date : 2010-09-15",
"fixVersions": {
"base": [
"5.0.6",
"5.1.7"
]
}
},
{
"threat": "7.2",
"cveid": "CVE-2006-5706",
"summary": "Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494. \n Publish Date : 2006-11-03 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.0.6",
"5.1.7"
]
}
},
{
"threat": "4.6",
"cveid": "CVE-2006-6383",
"summary": "PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a \";\" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. \n Publish Date : 2006-12-10 Last Update Date : 2008-11-15",
"fixVersions": {
"base": [
"5.2.1",
"5.4.1"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2006-7204",
"summary": "The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents. \n Publish Date : 2007-05-22 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.4.4"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2006-7243",
"summary": "PHP before 5.3.4 accepts the \\0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\\0.jpg at the end of the argument to the file_exists function. \n Publish Date : 2011-01-18 Last Update Date : 2014-03-25",
"fixVersions": {
"base": [
"4.0.8",
"4.1.4",
"4.2.5",
"4.3.12",
"4.4.10",
"5.0.6",
"5.1.7",
"5.2.18",
"5.3.4"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2007-0448",
"summary": "The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI. \n Publish Date : 2007-05-24 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"5.2.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-0905",
"summary": "PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383. \n Publish Date : 2007-02-13 Last Update Date : 2008-11-15",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.5",
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-0906",
"summary": "Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825). \n Publish Date : 2007-02-13 Last Update Date : 2011-09-20",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.5",
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-0907",
"summary": "Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. \n Publish Date : 2007-02-13 Last Update Date : 2010-09-15",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.5",
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-0908",
"summary": "The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable. \n Publish Date : 2007-02-13 Last Update Date : 2011-06-06",
"fixVersions": {
"base": [
"4.0.8",
"4.1.4",
"4.2.5",
"4.3.12",
"4.4.5",
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-0909",
"summary": "Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. \n Publish Date : 2007-02-13 Last Update Date : 2010-09-15",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.5",
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2007-0910",
"summary": "Unspecified vulnerability in PHP before 5.2.1 allows attackers to \"clobber\" certain super-global variables via unspecified vectors. \n Publish Date : 2007-02-13 Last Update Date : 2011-03-10",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.5",
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "7.8",
"cveid": "CVE-2007-0911",
"summary": "Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash). \n Publish Date : 2007-02-13 Last Update Date : 2008-11-15",
"fixVersions": {
"base": [
"5.2.2"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2007-0988",
"summary": "The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an \"a:2147483649:{\" argument. \n Publish Date : 2007-02-20 Last Update Date : 2011-05-25",
"fixVersions": {
"base": [
"4.0.8",
"4.1.4",
"4.2.5",
"4.3.12",
"4.4.5",
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-1001",
"summary": "Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values. \n Publish Date : 2007-04-05 Last Update Date : 2011-09-08",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.0.6",
"5.1.7",
"5.2.2"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-1285",
"summary": "The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. \n Publish Date : 2007-03-06 Last Update Date : 2010-11-30",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.0.6",
"5.1.7",
"5.2.2"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-1286",
"summary": "Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter. \n Publish Date : 2007-03-06 Last Update Date : 2010-11-30",
"fixVersions": {
"base": [
"4.4.5"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2007-1287",
"summary": "A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388. \n Publish Date : 2007-03-06 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.4.7"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-1375",
"summary": "Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991. \n Publish Date : 2007-03-09 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.2"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-1376",
"summary": "The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource. \n Publish Date : 2007-03-09 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.6",
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "5.1",
"cveid": "CVE-2007-1378",
"summary": "The ovrimos_longreadlen function in the Ovrimos extension for PHP before 4.4.5 allows context-dependent attackers to write to arbitrary memory locations via the result_id and length arguments. \n Publish Date : 2007-03-09 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.5"
]
}
},
{
"threat": "5.1",
"cveid": "CVE-2007-1379",
"summary": "The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code. \n Publish Date : 2007-03-09 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.5"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-1380",
"summary": "The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read. \n Publish Date : 2007-03-09 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.5",
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "7.6",
"cveid": "CVE-2007-1381",
"summary": "The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow. \n Publish Date : 2007-03-09 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.0.1"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-1396",
"summary": "The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in applications, should be included in CVE. However, it has been fixed by the vendor. \n Publish Date : 2007-03-10 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.0.6",
"5.1.7",
"5.2.2"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2007-1399",
"summary": "Stack-based buffer overflow in the zip:\/\/ URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:\/\/ URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback. \n Publish Date : 2007-03-10 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.2"
]
}
},
{
"threat": "6.9",
"cveid": "CVE-2007-1401",
"summary": "Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function. \n Publish Date : 2007-03-10 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.4.7"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-1411",
"summary": "Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions. \n Publish Date : 2007-03-10 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.4.7",
"5.4.1"
]
}
},
{
"threat": "7.8",
"cveid": "CVE-2007-1412",
"summary": "The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument. \n Publish Date : 2007-03-12 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.4.7"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-1413",
"summary": "Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id). \n Publish Date : 2007-03-12 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.4.7",
"5.2.4"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-1452",
"summary": "The FDF support (ext\/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext\/filter, which allows remote attackers to bypass web site filters via an application\/vnd.fdf formatted POST. \n Publish Date : 2007-03-14 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-1453",
"summary": "Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext\/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer. \n Publish Date : 2007-03-14 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.1"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2007-1454",
"summary": "ext\/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b. \n Publish Date : 2007-03-14 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.1"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-1460",
"summary": "The zip:\/\/ URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories. \n Publish Date : 2007-03-14 Last Update Date : 2011-05-24",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.2.2"
]
}
},
{
"threat": "7.8",
"cveid": "CVE-2007-1461",
"summary": "The compress.bzip2:\/\/ URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories. \n Publish Date : 2007-03-14 Last Update Date : 2011-07-13",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.0.6",
"5.1.7",
"5.2.2"
]
}
},
{
"threat": "5.4",
"cveid": "CVE-2007-1475",
"summary": "Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument. \n Publish Date : 2007-03-16 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7"
]
}
},
{
"threat": "4.6",
"cveid": "CVE-2007-1484",
"summary": "The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called. \n Publish Date : 2007-03-16 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.4.7",
"5.0.6",
"5.1.7",
"5.2.2"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-1521",
"summary": "Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation. \n Publish Date : 2007-03-20 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.4.7",
"5.2.2"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-1522",
"summary": "Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors. \n Publish Date : 2007-03-20 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.2"
]
}
},
{
"threat": "9.3",
"cveid": "CVE-2007-1581",
"summary": "The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected. \n Publish Date : 2007-03-21 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"5.0.6",
"5.1.7",
"5.2.14",
"5.3.3"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-1582",
"summary": "The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext\/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources. \n Publish Date : 2007-03-21 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.0.6",
"5.1.7",
"5.2.2"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-1583",
"summary": "The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation. \n Publish Date : 2007-03-21 Last Update Date : 2010-11-30",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.0.6",
"5.1.7",
"5.2.2"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-1584",
"summary": "Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\\0' characters in whitespace that precedes the string. \n Publish Date : 2007-03-21 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.1"
]
}
},
{
"threat": "7.8",
"cveid": "CVE-2007-1649",
"summary": "PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed. \n Publish Date : 2007-03-23 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.2"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-1700",
"summary": "The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable. \n Publish Date : 2007-03-26 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.5",
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-1701",
"summary": "PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with \"_SESSION|s:39:\". \n Publish Date : 2007-03-26 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"4.4.5",
"5.2.1"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2007-1709",
"summary": "Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string. \n Publish Date : 2007-03-26 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.2"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2007-1710",
"summary": "The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a \"php:\/\/..\/..\/\" sequence. \n Publish Date : 2007-03-26 Last Update Date : 2013-08-03",
"fixVersions": {
"base": [
"4.4.5",
"5.1.7",
"5.2.2"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-1711",
"summary": "Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007). \n Publish Date : 2007-03-26 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"4.4.7"
]
}
},
{
"threat": "7.8",
"cveid": "CVE-2007-1717",
"summary": "The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed. \n Publish Date : 2007-03-27 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.0.6",
"5.1.7",
"5.2.2"
]
}
},
{
"threat": "7.8",
"cveid": "CVE-2007-1718",
"summary": "CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a \"\\r\\n\\t\\n\" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro. \n Publish Date : 2007-03-27 Last Update Date : 2013-08-13",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.0.6",
"5.1.7",
"5.2.2"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-1777",
"summary": "Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow. \n Publish Date : 2007-03-29 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.5"
]
}
},
{
"threat": "5.1",
"cveid": "CVE-2007-1824",
"summary": "Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php:\/\/filter\/ URL that has a name ending in the '.' character. \n Publish Date : 2007-04-02 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-1825",
"summary": "Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3. \n Publish Date : 2007-04-02 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.5",
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "4.6",
"cveid": "CVE-2007-1835",
"summary": "PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions. \n Publish Date : 2007-04-02 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-1864",
"summary": "Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors. \n Publish Date : 2007-05-08 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"4.4.7",
"5.2.2"
]
}
},
{
"threat": "7.8",
"cveid": "CVE-2007-1883",
"summary": "PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain convert_to_* functions with its input parameters. \n Publish Date : 2007-04-05 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.0.6",
"5.1.7",
"5.2.2"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-1884",
"summary": "Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location. \n Publish Date : 2007-04-05 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.5",
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-1885",
"summary": "Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably the same issue as CVE-2007-0906.6. \n Publish Date : 2007-04-05 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-1886",
"summary": "Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an \"off by one overflow.\" \n Publish Date : 2007-04-05 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"4.4.6",
"5.2.2"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-1887",
"summary": "Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character. \n Publish Date : 2007-04-05 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.5",
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-1888",
"summary": "Buffer overflow in the sqlite_decode_binary function in src\/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API. \n Publish Date : 2007-04-05 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.0.6",
"5.1.7",
"5.2.2",
"5.4.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-1889",
"summary": "Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize. \n Publish Date : 2007-04-05 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"5.2.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-1890",
"summary": "Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff. \n Publish Date : 2007-04-05 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.5",
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-1900",
"summary": "CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext\/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\\n' character, which causes a regular expression to ignore the subsequent part of the address string. \n Publish Date : 2007-04-10 Last Update Date : 2009-03-04",
"fixVersions": {
"base": [
"5.2.2"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-2369",
"summary": "Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. \n Publish Date : 2007-04-30 Last Update Date : 2008-11-15",
"fixVersions": {
"base": [
"4.01.3",
"4.2.4"
]
}
},
{
"threat": "2.6",
"cveid": "CVE-2007-2509",
"summary": "CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands. \n Publish Date : 2007-05-08 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.0.6",
"5.1.7",
"5.2.2"
]
}
},
{
"threat": "5.1",
"cveid": "CVE-2007-2510",
"summary": "Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to \"\/\" (slash) characters. \n Publish Date : 2007-05-08 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.0.6",
"5.1.7",
"5.2.2"
]
}
},
{
"threat": "7.2",
"cveid": "CVE-2007-2511",
"summary": "Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors. \n Publish Date : 2007-05-08 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.0.1"
]
}
},
{
"threat": "2.6",
"cveid": "CVE-2007-2727",
"summary": "The mcrypt_create_iv function in ext\/mcrypt\/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys. \n Publish Date : 2007-05-16 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.0.6",
"5.1.7",
"5.2.3"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2007-2748",
"summary": "The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. \n Publish Date : 2007-05-17 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"5.0.6",
"5.1.7",
"5.2.2"
]
}
},
{
"threat": "9.3",
"cveid": "CVE-2007-2844",
"summary": "PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access. \n Publish Date : 2007-05-24 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.7",
"5.0.6",
"5.1.7",
"5.2.1"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-2872",
"summary": "Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments. \n Publish Date : 2007-06-04 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"4.4.8",
"5.0.6",
"5.1.7",
"5.2.3"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-3007",
"summary": "PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function. \n Publish Date : 2007-06-04 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"5.0.6",
"5.1.7",
"5.2.4"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-3294",
"summary": "Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf. \n Publish Date : 2007-06-20 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"5.2.4"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-3378",
"summary": "The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess. \n Publish Date : 2007-06-29 Last Update Date : 2010-11-22",
"fixVersions": {
"base": [
"4.4.8",
"5.2.4"
]
}
},
{
"threat": "5.8",
"cveid": "CVE-2007-3790",
"summary": "The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument. \n Publish Date : 2007-07-15 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"5.2.4"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2007-3799",
"summary": "The session_start function in ext\/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. \n Publish Date : 2007-07-16 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.8",
"5.0.6",
"5.1.7",
"5.2.15"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-3806",
"summary": "The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure. \n Publish Date : 2007-07-16 Last Update Date : 2012-11-05",
"fixVersions": {
"base": [
"5.2.4"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-3996",
"summary": "Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. \n Publish Date : 2007-09-04 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"5.2.4"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-3997",
"summary": "The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE. \n Publish Date : 2007-09-04 Last Update Date : 2009-09-16",
"fixVersions": {
"base": [
"4.4.8",
"5.2.4"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-3998",
"summary": "The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, \"\"' argument set. \n Publish Date : 2007-09-04 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.4.8",
"5.2.4"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-4010",
"summary": "The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function. \n Publish Date : 2007-07-25 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.4"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-4033",
"summary": "Buffer overflow in the intT1_EnvGetCompletePath function in lib\/t1lib\/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3. \n Publish Date : 2007-07-27 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"5.1.2",
"5.2.4"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-4255",
"summary": "Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function. \n Publish Date : 2007-08-08 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.4"
]
}
},
{
"threat": "4.6",
"cveid": "CVE-2007-4441",
"summary": "Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function. \n Publish Date : 2007-08-20 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.1"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-4507",
"summary": "Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions. \n Publish Date : 2007-08-23 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.4"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2007-4528",
"summary": "The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. NOTE: this issue does not cross privilege boundaries in most contexts, so perhaps it should not be included in CVE. \n Publish Date : 2007-08-24 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.0.6"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-4586",
"summary": "Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions. \n Publish Date : 2007-08-28 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.1"
]
}
},
{
"threat": "4.4",
"cveid": "CVE-2007-4652",
"summary": "The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink. \n Publish Date : 2007-09-04 Last Update Date : 2011-08-23",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.10",
"5.0.6",
"5.1.7",
"5.2.4"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-4657",
"summary": "Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996. \n Publish Date : 2007-09-04 Last Update Date : 2009-09-16",
"fixVersions": {
"base": [
"4.4.8",
"5.2.4"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-4658",
"summary": "The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. \n Publish Date : 2007-09-04 Last Update Date : 2011-06-20",
"fixVersions": {
"base": [
"4.0.8",
"4.1.3",
"4.2.4",
"4.3.12",
"4.4.8",
"5.0.6",
"5.1.7",
"5.2.15"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-4659",
"summary": "The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. \n Publish Date : 2007-09-04 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.4"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-4660",
"summary": "Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. \n Publish Date : 2007-09-04 Last Update Date : 2008-09-10",
"fixVersions": {
"base": [
"5.2.4"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-4661",
"summary": "The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872. \n Publish Date : 2007-09-04 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.4"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-4662",
"summary": "Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors. \n Publish Date : 2007-09-04 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.4"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-4663",
"summary": "Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function. \n Publish Date : 2007-09-04 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.4"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-4670",
"summary": "Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an \"Improved fix for MOPB-03-2007,\" probably a variant of CVE-2007-1285. \n Publish Date : 2007-09-04 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"5.2.4"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-4782",
"summary": "PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a \"*[1]e\" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. \n Publish Date : 2007-09-10 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"5.2.4"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-4783",
"summary": "The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. \n Publish Date : 2007-09-10 Last Update Date : 2009-02-05",
"fixVersions": {
"base": [
"5.2.5"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-4784",
"summary": "The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution. \n Publish Date : 2007-09-10 Last Update Date : 2009-02-05",
"fixVersions": {
"base": [
"5.2.4"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-4825",
"summary": "Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function. \n Publish Date : 2007-09-11 Last Update Date : 2009-02-05",
"fixVersions": {
"base": [
"5.2.4"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-4840",
"summary": "PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. \n Publish Date : 2007-09-12 Last Update Date : 2009-02-05",
"fixVersions": {
"base": [
"5.2.5"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-4850",
"summary": "curl\/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:\/\/ request containing a \\x00 sequence, a different vulnerability than CVE-2006-2563. \n Publish Date : 2008-01-24 Last Update Date : 2009-04-08",
"fixVersions": {
"base": [
"5.2.6"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2007-4887",
"summary": "The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability. \n Publish Date : 2007-09-13 Last Update Date : 2009-03-04",
"fixVersions": {
"base": [
"5.2.5"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2007-4889",
"summary": "The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997. \n Publish Date : 2007-09-13 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.5"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2007-5128",
"summary": "SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via a certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows. \n Publish Date : 2007-09-27 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.0.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2007-5424",
"summary": "The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled. \n Publish Date : 2007-10-12 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"4.0.1",
"5.0.1"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2007-5447",
"summary": "ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function. \n Publish Date : 2007-10-14 Last Update Date : 2008-11-15",
"fixVersions": {
"base": [
"5.2.5"
]
}
},
{
"threat": "9.3",
"cveid": "CVE-2007-5653",
"summary": "The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function. \n Publish Date : 2007-10-23 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.5"
]
}
},
{
"threat": "6.4",
"cveid": "CVE-2007-5898",
"summary": "The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465. \n Publish Date : 2007-11-20 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"5.2.5"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2007-5899",
"summary": "The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID. \n Publish Date : 2007-11-20 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"5.2.5"
]
}
},
{
"threat": "6.9",
"cveid": "CVE-2007-5900",
"summary": "PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625. \n Publish Date : 2007-11-20 Last Update Date : 2009-02-05",
"fixVersions": {
"base": [
"5.2.5"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2007-6039",
"summary": "PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution. \n Publish Date : 2007-11-20 Last Update Date : 2008-09-05",
"fixVersions": {
"base": [
"5.2.5"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2008-0145",
"summary": "Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663. \n Publish Date : 2008-01-08 Last Update Date : 2009-09-16",
"fixVersions": {
"base": [
"4.4.8"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2008-0599",
"summary": "The init_request_info function in sapi\/cgi\/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. \n Publish Date : 2008-05-05 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"5.0.6",
"5.1.7",
"5.2.6"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2008-1384",
"summary": "Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions). \n Publish Date : 2008-03-27 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"5.2.6"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2008-2050",
"summary": "Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors. \n Publish Date : 2008-05-05 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"5.0.6",
"5.1.7",
"5.2.6"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2008-2051",
"summary": "The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to \"incomplete multibyte chars.\" \n Publish Date : 2008-05-05 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"5.0.6",
"5.1.7",
"5.2.6"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2008-2107",
"summary": "The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed. \n Publish Date : 2008-05-07 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"4.4.8",
"5.0.6",
"5.1.7",
"5.2.5"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2008-2108",
"summary": "The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. \n Publish Date : 2008-05-07 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"4.4.8",
"5.0.6",
"5.1.7",
"5.2.5"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2008-2371",
"summary": "Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.",
"fixVersions": {
"base": [
"5.2.7"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2008-2665",
"summary": "Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run. \n Publish Date : 2008-06-19 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"5.2.7"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2008-2666",
"summary": "Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ..\/ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function. \n Publish Date : 2008-06-19 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"5.0.6",
"5.1.7",
"5.2.7"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2008-2829",
"summary": "php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an \"rfc822.c legacy routine buffer overflow\" error message, related to the rfc822_write_address function. \n Publish Date : 2008-06-23 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"4.0.1",
"5.2.7"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2008-3658",
"summary": "Buffer overflow in the imageloadfont function in ext\/gd\/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. \n Publish Date : 2008-08-14 Last Update Date : 2013-08-01",
"fixVersions": {
"base": [
"4.4.9",
"5.2.7"
]
}
},
{
"threat": "6.4",
"cveid": "CVE-2008-3659",
"summary": "Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible. \n Publish Date : 2008-08-14 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"4.4.9",
"5.2.7"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2008-3660",
"summary": "PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php. \n Publish Date : 2008-08-14 Last Update Date : 2012-10-30",
"fixVersions": {
"base": [
"4.4.9",
"5.2.7"
]
}
},
{
"threat": "5.1",
"cveid": "CVE-2008-4107",
"summary": "The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102. \n Publish Date : 2008-09-18 Last Update Date : 2012-10-29",
"fixVersions": {
"base": [
"4.0.8",
"4.1.4",
"4.2.5",
"4.3.12",
"4.4.9",
"5.0.6",
"5.1.7",
"5.2.6"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2008-5498",
"summary": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image. \n Publish Date : 2008-12-26 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"5.0.6",
"5.1.7",
"5.2.9"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2008-5557",
"summary": "Heap-based buffer overflow in ext\/mbstring\/libmbfl\/filters\/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions. \n Publish Date : 2008-12-23 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.3.12",
"4.4.10",
"5.0.6",
"5.1.7",
"5.2.7"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2008-5624",
"summary": "PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting of \/etc for the error_log variable. \n Publish Date : 2008-12-17 Last Update Date : 2009-10-31",
"fixVersions": {
"base": [
"5.0.6",
"5.1.7",
"5.2.8"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2008-5625",
"summary": "PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a \"php_value error_log\" entry in a .htaccess file. \n Publish Date : 2008-12-17 Last Update Date : 2009-10-31",
"fixVersions": {
"base": [
"5.0.6",
"5.1.7",
"5.2.7"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2008-5658",
"summary": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences. \n Publish Date : 2008-12-17 Last Update Date : 2009-10-31",
"fixVersions": {
"base": [
"5.0.6",
"5.1.7",
"5.2.7"
]
}
},
{
"threat": "2.6",
"cveid": "CVE-2008-5814",
"summary": "Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208. \n Publish Date : 2009-01-02 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.0.8",
"4.1.4",
"4.2.5",
"4.3.12",
"4.4.10",
"5.0.6",
"5.1.7",
"5.2.8"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2008-5844",
"summary": "PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent attackers to conduct SQL injection attacks and unspecified other attacks. \n Publish Date : 2009-01-05 Last Update Date : 2009-05-14",
"fixVersions": {
"base": [
"5.2.8"
]
}
},
{
"threat": "7.2",
"cveid": "CVE-2008-7002",
"summary": "PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as \"C:\" drive notation. \n Publish Date : 2009-08-19 Last Update Date : 2009-08-19",
"fixVersions": {
"base": [
"5.2.6"
]
}
},
{
"threat": "6.4",
"cveid": "CVE-2008-7068",
"summary": "The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file. \n Publish Date : 2009-08-25 Last Update Date : 2009-08-25",
"fixVersions": {
"base": [
"4.0.8",
"4.1.4",
"4.2.5",
"4.3.12",
"4.4.10",
"5.2.7"
]
}
},
{
"threat": "2.1",
"cveid": "CVE-2009-0754",
"summary": "PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. \n Publish Date : 2009-03-03 Last Update Date : 2010-08-21",
"fixVersions": {
"base": [
"4.4.5",
"5.1.7"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2009-1271",
"summary": "The JSON_parser function (ext\/json\/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function. \n Publish Date : 2009-04-08 Last Update Date : 2009-09-16",
"fixVersions": {
"base": [
"5.2.9"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2009-1272",
"summary": "The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction. \n Publish Date : 2009-04-08 Last Update Date : 2009-09-16",
"fixVersions": {
"base": [
"5.2.9"
]
}
},
{
"threat": "6.4",
"cveid": "CVE-2009-2626",
"summary": "The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. \n Publish Date : 2009-12-01 Last Update Date : 2009-12-19",
"fixVersions": {
"base": [
"4.0.8",
"4.1.4",
"4.2.5",
"4.3.12",
"4.4.10",
"5.0.6",
"5.1.7",
"5.2.11",
"5.3.1"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2009-2687",
"summary": "The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. \n Publish Date : 2009-08-05 Last Update Date : 2011-07-18",
"fixVersions": {
"base": [
"5.2.11"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2009-3291",
"summary": "The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates. \n Publish Date : 2009-09-22 Last Update Date : 2011-09-06",
"fixVersions": {
"base": [
"4.0.8",
"4.1.4",
"4.2.5",
"4.3.12",
"4.4.10",
"5.0.6",
"5.1.7",
"5.2.11"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2009-3292",
"summary": "Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to \"missing sanity checks around exif processing.\" \n Publish Date : 2009-09-22 Last Update Date : 2011-09-06",
"fixVersions": {
"base": [
"4.0.8",
"4.1.4",
"4.2.5",
"4.3.12",
"4.4.10",
"5.0.6",
"5.1.7",
"5.2.11"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2009-3293",
"summary": "Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect \"sanity check for the color index.\" \n Publish Date : 2009-09-22 Last Update Date : 2011-09-06",
"fixVersions": {
"base": [
"4.0.8",
"4.1.4",
"4.2.5",
"4.3.12",
"4.4.10",
"5.0.6",
"5.1.7",
"5.2.11"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2009-3294",
"summary": "The popen API function in TSRM\/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) \"e\" or (2) \"er\" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function. \n Publish Date : 2009-09-22 Last Update Date : 2009-11-25",
"fixVersions": {
"base": [
"4.0.8",
"4.1.4",
"4.2.5",
"4.3.12",
"4.4.10",
"5.0.6",
"5.1.7",
"5.2.11"
]
}
},
{
"threat": "9.3",
"cveid": "CVE-2009-3546",
"summary": "The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information. \n Publish Date : 2009-10-19 Last Update Date : 2011-08-25",
"fixVersions": {
"base": [
"5.2.12",
"5.3.1"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2009-3557",
"summary": "The tempnam function in ext\/standard\/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments. \n Publish Date : 2009-11-23 Last Update Date : 2011-07-18",
"fixVersions": {
"base": [
"4.0.8",
"4.1.4",
"4.2.5",
"4.3.12",
"4.4.10",
"5.0.4",
"5.1.2",
"5.2.12",
"5.3.1"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2009-3558",
"summary": "The posix_mkfifo function in ext\/posix\/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file. \n Publish Date : 2009-11-23 Last Update Date : 2010-04-01",
"fixVersions": {
"base": [
"4.0.8",
"4.1.4",
"4.2.5",
"4.3.12",
"4.4.10",
"5.0.4",
"5.1.2",
"5.2.11",
"5.3.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2009-3559",
"summary": "** DISPUTED ** main\/streams\/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy. \n Publish Date : 2009-11-23 Last Update Date : 2010-04-01",
"fixVersions": {
"base": [
"5.3.1"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2009-4017",
"summary": "PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart\/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive. \n Publish Date : 2009-11-23 Last Update Date : 2011-07-18",
"fixVersions": {
"base": [
"5.2.12",
"5.3.1"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2009-4018",
"summary": "The proc_open function in ext\/standard\/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable. \n Publish Date : 2009-11-29 Last Update Date : 2011-07-18",
"fixVersions": {
"base": [
"4.0.8",
"4.1.4",
"4.2.5",
"4.3.12",
"4.4.10",
"5.0.6",
"5.1.7",
"5.2.11",
"5.3.1"
]
}
},
{
"threat": "4.3",
"cveid": "CVE-2009-4142",
"summary": "The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. \n Publish Date : 2009-12-21 Last Update Date : 2011-07-18",
"fixVersions": {
"base": [
"4.0.8",
"4.1.4",
"4.2.5",
"4.3.12",
"4.4.10",
"5.0.6",
"5.1.7",
"5.2.12"
]
}
},
{
"threat": "10.0",
"cveid": "CVE-2009-4143",
"summary": "PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive. \n Publish Date : 2009-12-21 Last Update Date : 2011-07-18",
"fixVersions": {
"base": [
"4.0.8",
"4.1.4",
"4.2.5",
"4.3.12",
"4.4.10",
"5.0.6",
"5.1.7",
"5.2.12"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2009-4418",
"summary": "The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences. \n Publish Date : 2009-12-24 Last Update Date : 2009-12-28",
"fixVersions": {
"base": [
"5.0.6",
"5.1.7",
"5.2.12",
"5.3.1"
]
}
},
{
"threat": "6.8",
"cveid": "CVE-2009-5016",
"summary": "Integer overflow in the xml_utf8_decode function in ext\/xml\/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870. \n Publish Date : 2010-11-12 Last Update Date : 2011-02-23",
"fixVersions": {
"base": [
"4.0.8",
"4.1.4",
"4.2.5",
"4.3.12",
"4.4.10",
"5.0.6",
"5.1.7",
"5.2.11"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2010-0397",
"summary": "The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument. \n Publish Date : 2010-03-16 Last Update Date : 2010-12-10",
"fixVersions": {
"base": [
"5.3.2"
]
}
},
{
"threat": "6.4",
"cveid": "CVE-2010-1128",
"summary": "The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function. \n Publish Date : 2010-03-26 Last Update Date : 2010-12-10",
"fixVersions": {
"base": [
"5.2.13"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2010-1129",
"summary": "The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing \/ (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function. \n Publish Date : 2010-03-26 Last Update Date : 2010-08-31",
"fixVersions": {
"base": [
"5.2.13"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2010-1130",
"summary": "session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot). \n Publish Date : 2010-03-26 Last Update Date : 2010-06-08",
"fixVersions": {
"base": [
"5.0.6",
"5.1.7",
"5.2.14",
"5.3.2"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2010-1860",
"summary": "The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature. \n Publish Date : 2010-05-07 Last Update Date : 2010-12-07",
"fixVersions": {
"base": [
"5.2.14",
"5.3.3"
]
}
},
{
"threat": "6.4",
"cveid": "CVE-2010-1861",
"summary": "The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource. \n Publish Date : 2010-05-07 Last Update Date : 2010-05-10",
"fixVersions": {
"base": [
"5.2.14",
"5.3.3"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2010-1862",
"summary": "The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. \n Publish Date : 2010-05-07 Last Update Date : 2010-12-07",
"fixVersions": {
"base": [
"5.2.14",
"5.3.3"
]
}
},
{
"threat": "5.0",
"cveid": "CVE-2010-1864",
"summary": "The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. \n Publish Date : 2010-05-07 Last Update Date : 2010-12-07",
"fixVersions": {
"base": [
"5.2.14",
"5.3.3"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2010-1866",
"summary": "The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder. \n Publish Date : 2010-05-07 Last Update Date : 2010-09-30",
"fixVersions": {
"base": [
"5.3.3"
]
}
},
{