Vulnerabilities > PHP > PHP > 1.3.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-11-29 | CVE-2009-4018 | Permissions, Privileges, and Access Controls vulnerability in PHP The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable. | 7.5 |
| 2009-11-23 | CVE-2009-3558 | Permissions, Privileges, and Access Controls vulnerability in PHP The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file. | 6.8 |
| 2009-11-23 | CVE-2009-3557 | Permissions, Privileges, and Access Controls vulnerability in PHP The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments. | 5.0 |
| 2009-09-22 | CVE-2009-3293 | Unspecified vulnerability in PHP Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index." | 7.5 |
| 2009-09-22 | CVE-2009-3292 | Unspecified vulnerability in PHP Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing." | 7.5 |
| 2009-09-22 | CVE-2009-3291 | Improper Input Validation vulnerability in PHP The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates. | 7.5 |
| 2009-01-02 | CVE-2008-5814 | Cross-Site Scripting vulnerability in PHP Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |
| 2008-12-26 | CVE-2008-5498 | Information Exposure vulnerability in PHP Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image. | 5.0 |
| 2008-12-17 | CVE-2008-5658 | Path Traversal vulnerability in PHP Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. | 7.5 |
| 2008-12-17 | CVE-2008-5625 | Permissions, Privileges, and Access Controls vulnerability in PHP PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file. | 7.5 |