PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 889
CVE-2007-5653
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function.
CVE-2007-5653
The Component Object Model (COM) functions in PHP 5.x on Windows do no ...
CVE-2007-5447
ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.
CVE-2007-5424
The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.
CVE-2007-5424
The disable_functions feature in PHP 4 and 5 allows attackers to bypas ...
CVE-2007-5424
The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.
CVE-2008-2829
php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function.
CVE-2007-5128
SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows.
CVE-2007-4889
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
CVE-2007-4889
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers t ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2007-5653 The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function. | CVSS2: 9.3 | 3% Низкий | больше 18 лет назад |
| CVE-2007-5653 The Component Object Model (COM) functions in PHP 5.x on Windows do no ... | CVSS2: 9.3 | 3% Низкий | больше 18 лет назад |
| CVE-2007-5447 ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function. | CVSS2: 4.3 | 4% Низкий | больше 18 лет назад |
| CVE-2007-5424 The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled. | CVSS2: 7.5 | 0% Низкий | больше 18 лет назад |
| CVE-2007-5424 The disable_functions feature in PHP 4 and 5 allows attackers to bypas ... | CVSS2: 7.5 | 0% Низкий | больше 18 лет назад |
 | CVE-2007-5424 The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled. | CVSS2: 7.5 | 0% Низкий | больше 18 лет назад |
 | CVE-2008-2829 php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function. | 10% Низкий | больше 18 лет назад | |
| CVE-2007-5128 SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows. | CVSS2: 5 | 0% Низкий | больше 18 лет назад |
| CVE-2007-4889 The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997. | CVSS2: 6.8 | 1% Низкий | больше 18 лет назад |
| CVE-2007-4889 The MySQL extension in PHP 5.2.4 and earlier allows remote attackers t ... | CVSS2: 6.8 | 1% Низкий | больше 18 лет назад |
Уязвимостей на страницу