10 matches found

added 2007/05/09 12:19 a.m. | 102 views

CVE-2007-1864

Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

CVSS 7.5 | AI score 7.6 | EPSS 0.05482

added 2007/05/09 12:19 a.m. | 75 views

CVE-2007-2509

CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.

CVSS 2.6 | AI score 7.6 | EPSS 0.03926

added 2007/05/09 12:19 a.m. | 75 views

CVE-2007-2510

Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.

CVSS 5.1 | AI score 7.7 | EPSS 0.03379

added 2007/05/24 6:30 p.m. | 65 views

CVE-2007-2844

PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access.

CVSS 9.3 | AI score 7 | EPSS 0.00884

added 2007/05/09 12:19 a.m. | 63 views

CVE-2007-2511

Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.

CVSS 7.2 | AI score 7.5 | EPSS 0.00096

added 2007/05/24 6:30 p.m. | 58 views

CVE-2007-0448

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.

CVSS 10 | AI score 6.4 | EPSS 0.02211

added 2007/05/17 8:30 p.m. | 58 views

CVE-2007-2748

The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.

CVSS 4.3 | AI score 7.2 | EPSS 0.13879

added 2007/05/16 10:30 p.m. | 57 views

CVE-2007-2727

The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to dec...

CVSS 2.6 | AI score 7.5 | EPSS 0.00579

added 2007/05/16 10:30 p.m. | 57 views

CVE-2007-2728

The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue.

CVSS 5 | AI score 6.3 | EPSS 0.01266

added 2007/05/22 7:30 p.m. | 40 views

CVE-2006-7204

The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.

CVSS 2.1 | AI score 6.4 | EPSS 0.00312