Information Disclosure

PHP is vulnerable to Information Disclosure. Reading past the allocated buffer is possible when using certain mbstring functions to convert multi-byte encodings...

Cross-Site Scripting (XSS)

php is vulnerable to cross-site scripting XSS. It was discovered that PHP's htmlspecialchars function did not properly recognize partial multi-byte sequences for some multi-byte encodings, sending them to output without them being escaped. An attacker could use this flaw to perform a cross-site...

Scientific Linux Security Update : php on SL3.x, SL4.x, SL5.x i386/x86_64

CVE-2009-2687 php: exifreaddata crash on corrupted JPEG files CVE-2009-3292 php: exif extension: Multiple missing sanity checks in EXIF file processing CVE-2009-3291 php: openssl extension: Incorrect verification of SSL certificate with NUL in name CVE-2009-3546 gd: insufficient input validation ...

CVE-2006-2753

SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysqlrealescape function is...