Vulnerabilities > PHP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-02-02 | CVE-2011-0752 | Improper Input Validation vulnerability in PHP. The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758. | 5.0 |
2011-01-18 | CVE-2010-4700 | SQL Injection vulnerability in PHP 5.3.2/5.3.3. The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions. | 6.8 |
2011-01-18 | CVE-2010-4699 | Numeric Errors vulnerability in PHP. The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set. | 5.0 |
2011-01-18 | CVE-2010-4698 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in PHP. Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function. | 5.0 |
2011-01-18 | CVE-2010-4697 | Resource Management Errors vulnerability in PHP. Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference. | 6.8 |
2011-01-18 | CVE-2006-7243 | Improper Input Validation vulnerability in PHP. PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. | 5.0 |
2010-12-07 | CVE-2010-4150 | Resource Management Errors vulnerability in PHP. Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. | 5.0 |
2010-12-06 | CVE-2010-4409 | Numeric Errors vulnerability in PHP. Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument. | 5.0 |
2010-11-12 | CVE-2009-5016 | Numeric Errors vulnerability in PHP. Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870. | 6.8 |
2010-11-10 | CVE-2010-4156 | Improper Input Validation vulnerability in Scottmac Libmbfl 1.1.0. The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter). | 5.0 |