Vulnerabilities > PHP > PHP > 5.1.4

DATE | CVE | VULNERABILITY TITLE | RISK

2006-08-31 | CVE-2006-4482 | Out-of-bounds Write vulnerability in multiple products | critical 9.3
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.
network | php canonical debian | CWE-787

2006-08-31 | CVE-2006-4481 | Input Validation vulnerability in PHP | 7.2
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings.
local | low complexity | php

2006-08-09 | CVE-2006-4023 | SQL-Injection vulnerability in PHP 4.3.3/5.0.2/5.1.4 | 5.0
The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0.
network | low complexity | php

2006-06-26 | CVE-2006-3011 | Permissions, Privileges, and Access Controls vulnerability in PHP | 4.6
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
local | low complexity | php | CWE-264

2006-06-13 | CVE-2006-2660 | Unspecified vulnerability in PHP | 2.1
Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename.
local | low complexity | php

2006-05-29 | CVE-2006-2563 | Unspecified vulnerability in PHP 4.4.2/5.1.4 | 2.1
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.
local | low complexity | php

2006-03-07 | CVE-2006-1017 | Unspecified vulnerability in PHP | critical 9.3
The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions.
network | php