DATE CVE VULNERABILITY TITLE RISK
2006-12-10 CVE-2006-6383 Improper Input Validation vulnerability in PHP 4.4.0/5.2.0
PHP 5.2.0 and 4.4 allow local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.
local
low complexity
php CWE-20
4.6
2006-10-10 CVE-2006-5178 Race Condition vulnerability in PHP
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via ..
local
high complexity
php CWE-362
6.2
2006-08-09 CVE-2006-4023 SQL-Injection vulnerability in PHP 4.3.3/5.0.2/5.1.4
The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0.
network
low complexity
php
5.0
2006-06-26 CVE-2006-3011 Permissions, Privileges, and Access Controls vulnerability in PHP
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
local
low complexity
php CWE-264
4.6
2006-04-24 CVE-2006-1991 Resource Management Errors vulnerability in PHP 5.1.2
The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.
network
low complexity
php CWE-399
6.4
2006-04-24 CVE-2006-1990 Unspecified vulnerability in PHP 4.4.2/5.1.2
Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.
network
low complexity
php
5.0
2006-04-10 CVE-2006-0996 Cross-Site Scripting vulnerability in PHP 4.4.2/5.1.2
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.
network
php CWE-79
4.3
2006-03-07 CVE-2006-1015 Security Bypass vulnerability in PHP
Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments.
network
low complexity
php
6.4
2006-01-13 CVE-2006-0207 Code Injection vulnerability in PHP
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.
network
low complexity
php CWE-94
5.0
2005-11-29 CVE-2005-3883 Unspecified vulnerability in PHP
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
network
low complexity
php
5.0