PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 866
CVE-2010-4700
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...
CVE-2010-4699
The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set.
CVE-2010-4699
The iconv_mime_decode_headers function in the Iconv extension in PHP b ...
CVE-2010-4698
Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function.
CVE-2010-4698
Stack-based buffer overflow in the GD extension in PHP before 5.2.15 a ...
CVE-2010-4697
Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference.
CVE-2010-4697
Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 a ...
CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might a ...
CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2010-4700 The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ... | CVSS2: 6.8 | 0% Низкий | больше 14 лет назад |
 | CVE-2010-4699 The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set. | CVSS2: 5 | 0% Низкий | больше 14 лет назад |
| CVE-2010-4699 The iconv_mime_decode_headers function in the Iconv extension in PHP b ... | CVSS2: 5 | 0% Низкий | больше 14 лет назад |
| CVE-2010-4698 Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function. | CVSS2: 5 | 7% Низкий | больше 14 лет назад |
| CVE-2010-4698 Stack-based buffer overflow in the GD extension in PHP before 5.2.15 a ... | CVSS2: 5 | 7% Низкий | больше 14 лет назад |
| CVE-2010-4697 Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference. | CVSS2: 6.8 | 2% Низкий | больше 14 лет назад |
| CVE-2010-4697 Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 a ... | CVSS2: 6.8 | 2% Низкий | больше 14 лет назад |
| CVE-2006-7243 PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. | CVSS2: 5 | 2% Низкий | больше 14 лет назад |
| CVE-2006-7243 PHP before 5.3.4 accepts the \0 character in a pathname, which might a ... | CVSS2: 5 | 2% Низкий | больше 14 лет назад |
 | CVE-2006-7243 PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. | CVSS2: 5 | 2% Низкий | больше 14 лет назад |
Уязвимостей на страницу