Vulnerabilities > PHP > PHP > 5.1.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-13 | CVE-2007-0907 | Multiple vulnerability in PHP 5.2.0 and Prior Versions Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. | 5.0 |
2007-02-13 | CVE-2007-0906 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. | 7.5 |
2007-02-13 | CVE-2007-0905 | Multiple vulnerability in PHP 5.2.0 and Prior Versions PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. | 7.5 |
2006-11-04 | CVE-2006-5706 | Local Security vulnerability in PHP Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. | 7.2 |
2006-11-04 | CVE-2006-5465 | Buffer Overflow vulnerability in PHP HTMLEntities HTMLSpecialChars Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions. | 7.5 |
2006-10-10 | CVE-2006-5178 | Race Condition vulnerability in PHP Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. | 6.2 |
2006-10-10 | CVE-2006-4812 | Code Injection vulnerability in PHP Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c). | 10.0 |
2006-09-12 | CVE-2006-4625 | Unspecified vulnerability in PHP PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults. | 3.6 |
2006-06-26 | CVE-2006-3011 | Permissions, Privileges, and Access Controls vulnerability in PHP The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode. | 4.6 |