Vulnerabilities > PHP > PHP > 4.4.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-13 | CVE-2007-0910 | Multiple vulnerability in PHP 5.2.0 and Prior Versions Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors. | 10.0 |
2007-02-13 | CVE-2007-0909 | Multiple vulnerability in PHP 5.2.0 and Prior Versions Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. | 7.5 |
2007-02-13 | CVE-2007-0908 | Improper Input Validation vulnerability in multiple products The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable. | 5.0 |
2007-02-13 | CVE-2007-0907 | Multiple vulnerability in PHP 5.2.0 and Prior Versions Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. | 5.0 |
2007-02-13 | CVE-2007-0906 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. | 7.5 |
2007-02-13 | CVE-2007-0905 | Multiple vulnerability in PHP 5.2.0 and Prior Versions PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. | 7.5 |
2007-01-30 | CVE-2007-0455 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. | 7.5 |
2006-11-04 | CVE-2006-5706 | Local Security vulnerability in PHP Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. | 7.2 |
2006-11-04 | CVE-2006-5465 | Buffer Overflow vulnerability in PHP HTMLEntities HTMLSpecialChars Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions. | 7.5 |
2006-10-10 | CVE-2006-5178 | Race Condition vulnerability in PHP Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. | 6.2 |