Vulnerabilities > PHP > PHP > 5.2.17
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-05-21 | CVE-2012-2376 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012. | 10.0 |
| 2012-05-11 | CVE-2012-1823 | Improper Input Validation vulnerability in PHP sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. | 7.5 |
| 2012-02-14 | CVE-2012-0789 | Resource Management Errors vulnerability in PHP Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache. | 5.0 |
| 2012-02-14 | CVE-2012-0788 | Improper Input Validation vulnerability in PHP The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. | 5.0 |
| 2012-02-10 | CVE-2012-0831 | Improper Input Validation vulnerability in PHP PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. | 6.8 |
| 2012-02-02 | CVE-2012-0057 | Permissions, Privileges, and Access Controls vulnerability in PHP PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. | 6.4 |
| 2011-12-30 | CVE-2011-4885 | Improper Input Validation vulnerability in PHP PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | 5.0 |
| 2011-08-25 | CVE-2011-3268 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483. | 10.0 |
| 2011-08-25 | CVE-2011-3267 | Resource Management Errors vulnerability in PHP PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors. | 5.0 |
| 2011-08-25 | CVE-2011-3182 | NULL Pointer Dereference Denial Of Service vulnerability in PHP Prior to 5.3.7 PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. | 5.0 |