Vulnerabilities > PHP > PHP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-10 | CVE-2006-6383 | Improper Input Validation vulnerability in PHP 4.4.0/5.2.0 PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. | 4.6 |
2006-10-10 | CVE-2006-5178 | Race Condition vulnerability in PHP Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. | 6.2 |
2006-08-09 | CVE-2006-4023 | SQL-Injection vulnerability in PHP 4.3.3/5.0.2/5.1.4 The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. | 5.0 |
2006-06-26 | CVE-2006-3011 | Permissions, Privileges, and Access Controls vulnerability in PHP The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode. | 4.6 |
2006-04-24 | CVE-2006-1991 | Resource Management Errors vulnerability in PHP 5.1.2 The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument. | 6.4 |
2006-04-24 | CVE-2006-1990 | Unspecified vulnerability in PHP 4.4.2/5.1.2 Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. | 5.0 |
2006-04-10 | CVE-2006-0996 | Cross-Site Scripting vulnerability in PHP 4.4.2/5.1.2 Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. | 4.3 |
2006-03-07 | CVE-2006-1015 | Security Bypass vulnerability in PHP Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. | 6.4 |
2006-01-13 | CVE-2006-0207 | Code Injection vulnerability in PHP Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. | 5.0 |
2005-11-29 | CVE-2005-3883 | Unspecified vulnerability in PHP CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument. | 5.0 |