Vulnerabilities > PHP > PHP > 5.2.17
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-07-09 | CVE-2014-3478 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. | 5.0 |
| 2014-02-18 | CVE-2014-2020 | Numeric Errors vulnerability in PHP ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226. | 5.0 |
| 2014-02-15 | CVE-2012-1171 | Information Exposure vulnerability in PHP The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper. | 5.0 |
| 2013-06-21 | CVE-2013-4635 | Numeric Errors vulnerability in PHP Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function. | 5.0 |
| 2013-06-21 | CVE-2013-2110 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function. | 5.0 |
| 2012-08-30 | CVE-2011-1398 | Improper Input Validation vulnerability in PHP The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. | 4.3 |
| 2012-08-06 | CVE-2012-3450 | Unspecified vulnerability in PHP pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value. | 2.6 |
| 2012-07-20 | CVE-2012-3365 | Permissions, Privileges, and Access Controls vulnerability in PHP The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. | 5.0 |
| 2012-07-20 | CVE-2012-2688 | Buffer Overflow vulnerability in PHP '_php_stream_scandir()' Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow." | 10.0 |
| 2012-05-24 | CVE-2012-1172 | Improper Input Validation vulnerability in PHP The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions. | 5.8 |