Vulnerabilities > PHP > PHP > 4.4.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-05-17 | CVE-2007-2748 | Information Exposure vulnerability in PHP The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. | 4.3 |
2007-03-20 | CVE-2007-1521 | Unspecified vulnerability in PHP Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation. network php | 6.8 |
2007-03-12 | CVE-2007-1413 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id). | 7.5 |
2007-03-10 | CVE-2007-1375 | Integer Overflow vulnerability in PHP 5 Substr_Compare Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991. | 5.0 |
2007-02-13 | CVE-2007-0910 | Multiple vulnerability in PHP 5.2.0 and Prior Versions Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors. | 10.0 |
2006-11-04 | CVE-2006-5706 | Local Security vulnerability in PHP Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. | 7.2 |
2006-11-04 | CVE-2006-5465 | Buffer Overflow vulnerability in PHP HTMLEntities HTMLSpecialChars Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions. | 7.5 |
2006-10-10 | CVE-2006-5178 | Race Condition vulnerability in PHP Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. | 6.2 |
2006-08-31 | CVE-2006-4483 | Missing Authorization vulnerability in PHP The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache. | 9.3 |
2006-08-31 | CVE-2006-4482 | Out-of-bounds Write vulnerability in multiple products Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990. | 9.3 |