PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 863
CVE-2007-3799
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5 ...
CVE-2007-3799
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.
CVE-2007-3790
The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.
CVE-2007-3790
The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allo ...
CVE-2007-3790
The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.
CVE-2007-3378
The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.
CVE-2007-3378
The (1) session_save_path, (2) ini_set, and (3) error_log functions in ...
CVE-2007-3378
The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.
CVE-2007-3294
Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf.
CVE-2007-3294
Multiple buffer overflows in libtidy, as used in the Tidy extension fo ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2007-3799 The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5 ... | CVSS2: 4.3 | 16% Средний | около 18 лет назад |
 | CVE-2007-3799 The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. | CVSS2: 4.3 | 16% Средний | около 18 лет назад |
 | CVE-2007-3790 The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument. | CVSS2: 5.8 | 2% Низкий | около 18 лет назад |
| CVE-2007-3790 The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allo ... | CVSS2: 5.8 | 2% Низкий | около 18 лет назад |
| CVE-2007-3790 The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument. | CVSS2: 5.8 | 2% Низкий | около 18 лет назад |
| CVE-2007-3378 The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess. | CVSS2: 6.8 | 4% Низкий | около 18 лет назад |
| CVE-2007-3378 The (1) session_save_path, (2) ini_set, and (3) error_log functions in ... | CVSS2: 6.8 | 4% Низкий | около 18 лет назад |
| CVE-2007-3378 The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess. | CVSS2: 6.8 | 4% Низкий | около 18 лет назад |
| CVE-2007-3294 Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf. | CVSS2: 7.5 | 5% Низкий | около 18 лет назад |
| CVE-2007-3294 Multiple buffer overflows in libtidy, as used in the Tidy extension fo ... | CVSS2: 7.5 | 5% Низкий | около 18 лет назад |
Уязвимостей на страницу