Vulnerabilities > PHP > PHP > 2.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-11-20 | CVE-2007-5900 | Permissions, Privileges, and Access Controls vulnerability in PHP PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625. | 6.9 |
| 2007-11-20 | CVE-2007-5898 | Unspecified vulnerability in PHP The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465. | 6.4 |
| 2007-09-27 | CVE-2007-5128 | Improper Input Validation vulnerability in multiple products SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows. | 5.0 |
| 2007-09-14 | CVE-2007-4889 | Security Bypass vulnerability in PHP The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997. network php | 6.8 |
| 2007-09-14 | CVE-2007-4887 | Improper Input Validation vulnerability in PHP The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. | 4.3 |
| 2007-09-12 | CVE-2007-4840 | Improper Input Validation vulnerability in PHP PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. | 5.0 |
| 2007-09-12 | CVE-2007-4825 | Path Traversal vulnerability in PHP Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. | 7.5 |
| 2007-09-10 | CVE-2007-4784 | Improper Input Validation vulnerability in PHP The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. | 5.0 |
| 2007-09-10 | CVE-2007-4783 | Improper Input Validation vulnerability in PHP The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. | 5.0 |
| 2007-09-10 | CVE-2007-4782 | Code Injection vulnerability in PHP PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. | 5.0 |