Vulnerabilities > PHP > PHP > 5.2.17
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-06-16 | CVE-2011-2202 | Permissions, Privileges, and Access Controls vulnerability in PHP The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability." | 6.4 |
| 2011-03-20 | CVE-2011-1470 | Improper Input Validation vulnerability in PHP The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function. | 4.3 |
| 2011-03-20 | CVE-2011-1469 | Remote Denial of Service vulnerability in PHP Stream Component Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper. network php | 4.3 |
| 2011-03-20 | CVE-2011-1468 | Resource Management Errors vulnerability in PHP Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function. | 4.3 |
| 2011-03-20 | CVE-2011-1467 | Denial of Service vulnerability in PHP 'Intl' Extension 'NumberFormatter::setSymbol()' Function Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409. | 5.0 |
| 2011-03-20 | CVE-2011-1466 | Numeric Errors vulnerability in PHP Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function. | 5.0 |
| 2011-03-20 | CVE-2011-1464 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument. | 4.3 |
| 2011-03-20 | CVE-2011-0708 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read. | 4.3 |
| 2011-03-20 | CVE-2011-0421 | Denial Of Service vulnerability in libzip '_zip_name_locate()' NULL Pointer Dereference The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation. network php | 4.3 |
| 2011-03-18 | CVE-2011-1148 | Resource Management Errors vulnerability in PHP Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments. | 7.5 |