Vulnerabilities > PHP > PHP > 3.0.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-09-04 | CVE-2007-4663 | Path Traversal vulnerability in PHP Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function. | 7.5 |
| 2007-09-04 | CVE-2007-4662 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors. | 7.5 |
| 2007-09-04 | CVE-2007-4660 | Resource Management Errors vulnerability in PHP Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. | 7.5 |
| 2007-09-04 | CVE-2007-4659 | Unspecified vulnerability in PHP The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. | 7.5 |
| 2007-09-04 | CVE-2007-4652 | Link Following vulnerability in PHP The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink. | 4.4 |
| 2007-09-04 | CVE-2007-3996 | Numeric Errors vulnerability in PHP Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. | 6.8 |
| 2007-08-29 | CVE-2007-4586 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions. | 7.5 |
| 2007-08-21 | CVE-2007-4441 | Local Buffer Overflow vulnerability in PHP Win32std Extension Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function. | 4.6 |
| 2007-05-17 | CVE-2007-2748 | Information Exposure vulnerability in PHP The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. | 4.3 |
| 2007-05-09 | CVE-2007-1864 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors. | 7.5 |