Vulnerabilities > PHP > PHP > 5.2.14
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-12-07 | CVE-2010-4150 | Resource Management Errors vulnerability in PHP Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. | 5.0 |
2010-12-06 | CVE-2010-4409 | Numeric Errors vulnerability in PHP Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument. | 5.0 |
2010-11-09 | CVE-2010-3436 | Permissions, Privileges, and Access Controls vulnerability in multiple products fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename. | 5.0 |
2010-10-25 | CVE-2010-3710 | Resource Management Errors vulnerability in PHP Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. | 4.3 |
2009-12-24 | CVE-2009-4418 | Numeric Errors vulnerability in PHP The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences. | 5.0 |
2007-09-04 | CVE-2007-4658 | Unspecified vulnerability in PHP The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. | 7.5 |
2007-07-16 | CVE-2007-3799 | Improper Input Validation vulnerability in PHP The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. | 4.3 |