SUSE CVE-2004-0958

phpvariables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via 1 GET, 2 POST, or 3 COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length...

SUSE CVE-2007-1287

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting XSS attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388...