PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2 ...

Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...

Unspecified vulnerability in the chunk_split function in PHP before 5. ...

Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2 ...

The zend_alter_ini_entry function in PHP before 5.2.4 does not properl ...

The chunk_split function in string.c in PHP 5.2.3 does not properly ca ...

The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872.

The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.

Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.

Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.