Vulnerabilities > PHP > PHP > 5.2.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-11-23 | CVE-2009-3558 | Permissions, Privileges, and Access Controls vulnerability in PHP: The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file. | 6.8 |
2009-11-23 | CVE-2009-3557 | Permissions, Privileges, and Access Controls vulnerability in PHP: The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments. | 5.0 |
2009-09-22 | CVE-2009-3294 | Use of Externally-Controlled Format String vulnerability in PHP: The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. | 5.0 |
2009-09-22 | CVE-2009-3293 | Unspecified vulnerability in PHP: Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index." | 7.5 |
2009-09-22 | CVE-2009-3292 | Unspecified vulnerability in PHP: Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing." | 7.5 |
2009-09-22 | CVE-2009-3291 | Improper Input Validation vulnerability in PHP: The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates. | 7.5 |
2009-04-08 | CVE-2009-1272 | Improper Input Validation vulnerability in PHP: The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction. | 5.0 |
2009-04-08 | CVE-2009-1271 | Unspecified vulnerability in PHP: The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function. | 5.0 |
2009-01-02 | CVE-2008-5814 | Cross-Site Scripting vulnerability in PHP: Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |
2008-12-26 | CVE-2008-5498 | Information Exposure vulnerability in PHP: Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image. | 5.0 |