PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 799

CVE-2007-4784
The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.
CVE-2007-4783
The iconv_substr function in PHP 5.2.4 and earlier allows context-depe ...
CVE-2007-4782
PHP before 5.2.3 allows context-dependent attackers to cause a denial ...
CVE-2007-4784
The setlocale function in PHP before 5.2.4 allows context-dependent at ...

CVE-2007-4782
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

CVE-2007-4670
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
CVE-2007-4670
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and a ...

CVE-2007-4670
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.

CVE-2007-4657
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.

CVE-2007-4660
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
---|---|---|---|---|
![]() | CVE-2007-4784 The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution. | CVSS2: 5 | 1% Низкий | почти 18 лет назад |
CVE-2007-4783 The iconv_substr function in PHP 5.2.4 and earlier allows context-depe ... | CVSS2: 5 | 1% Низкий | почти 18 лет назад | |
CVE-2007-4782 PHP before 5.2.3 allows context-dependent attackers to cause a denial ... | CVSS2: 5 | 3% Низкий | почти 18 лет назад | |
CVE-2007-4784 The setlocale function in PHP before 5.2.4 allows context-dependent at ... | CVSS2: 5 | 1% Низкий | почти 18 лет назад | |
![]() | CVE-2007-4782 PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. | CVSS2: 5 | 3% Низкий | почти 18 лет назад |
![]() | CVE-2007-4670 Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285. | CVSS2: 5 | 3% Низкий | почти 18 лет назад |
CVE-2007-4670 Unspecified vulnerability in PHP before 5.2.4 has unknown impact and a ... | CVSS2: 5 | 3% Низкий | почти 18 лет назад | |
![]() | CVE-2007-4670 Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285. | CVSS2: 5 | 3% Низкий | почти 18 лет назад |
![]() | CVE-2007-4657 Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996. | CVSS2: 7.5 | 2% Низкий | почти 18 лет назад |
![]() | CVE-2007-4660 Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. | CVSS2: 7.5 | 2% Низкий | почти 18 лет назад |
Уязвимостей на страницу