PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 883
CVE-2007-4840
PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
CVE-2007-4825
Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.
CVE-2007-4825
Directory traversal vulnerability in PHP 5.2.4 and earlier allows atta ...
CVE-2007-4825
Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.
CVE-2007-4783
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
CVE-2007-4782
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
CVE-2007-4784
The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.
CVE-2007-4782
PHP before 5.2.3 allows context-dependent attackers to cause a denial ...
CVE-2007-4783
The iconv_substr function in PHP 5.2.4 and earlier allows context-depe ...
CVE-2007-4784
The setlocale function in PHP before 5.2.4 allows context-dependent at ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2007-4840 PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. | CVSS2: 5 | 2% Низкий | больше 18 лет назад |
 | CVE-2007-4825 Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function. | CVSS2: 7.5 | 0% Низкий | больше 18 лет назад |
| CVE-2007-4825 Directory traversal vulnerability in PHP 5.2.4 and earlier allows atta ... | CVSS2: 7.5 | 0% Низкий | больше 18 лет назад |
| CVE-2007-4825 Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function. | CVSS2: 7.5 | 0% Низкий | больше 18 лет назад |
| CVE-2007-4783 The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. | CVSS2: 5 | 2% Низкий | больше 18 лет назад |
| CVE-2007-4782 PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. | CVSS2: 5 | 3% Низкий | больше 18 лет назад |
| CVE-2007-4784 The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution. | CVSS2: 5 | 1% Низкий | больше 18 лет назад |
| CVE-2007-4782 PHP before 5.2.3 allows context-dependent attackers to cause a denial ... | CVSS2: 5 | 3% Низкий | больше 18 лет назад |
| CVE-2007-4783 The iconv_substr function in PHP 5.2.4 and earlier allows context-depe ... | CVSS2: 5 | 2% Низкий | больше 18 лет назад |
| CVE-2007-4784 The setlocale function in PHP before 5.2.4 allows context-dependent at ... | CVSS2: 5 | 1% Низкий | больше 18 лет назад |
Уязвимостей на страницу