PHP is a popular general-purpose scripting language that is especially well suited to web development.
Release cycle, vulnerability information
Release schedule
Count: 3 867
CVE-2012-2688
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."
CVE-2012-3365
The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.
CVE-2012-2386
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
BDU:2022-02621
Vulnerability in the phar_parse_tarfile function of the PHP programming language interpreter that allows an attacker to execute arbitrary code or cause a denial of service
CVE-2012-2143
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
BDU:2022-02629
Vulnerability in the crypt_des function of the FreeBSD operating system that allows an attacker to escalate privileges
| ID | Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2012-2688 | Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow." | CVSS2: 4.4 | 33% (Medium) | more than 13 years ago |
| CVE-2012-3365 | The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. | CVSS2: 5 | 1% (Low) | more than 13 years ago |
| CVE-2012-2386 | Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow. | CVSS2: 7.5 | 23% (Medium) | more than 13 years ago |
| BDU:2022-02621 | Vulnerability in the phar_parse_tarfile function of the PHP programming language interpreter that allows an attacker to execute arbitrary code or cause a denial of service | CVSS3: 5.6 | 23% (Medium) | more than 13 years ago |
| CVE-2012-2143 | The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. | CVSS2: 4.3 | 8% (Low) | more than 13 years ago |
| BDU:2022-02629 | Vulnerability in the crypt_des function of the FreeBSD operating system that allows an attacker to escalate privileges | CVSS3: 3.7 | 8% (Low) | more than 13 years ago |