PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 768
CVE-2007-1824
Buffer overflow in the php_stream_filter_create function in PHP 5 befo ...
CVE-2007-1825
Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2. ...
CVE-2007-1825
Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3.
CVE-2007-1824
Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.
CVE-2007-1777
Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.
CVE-2007-1777
Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...
CVE-2007-1777
Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.
CVE-2007-1717
The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed.
CVE-2007-1718
CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.
CVE-2007-1718
CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2007-1824 Buffer overflow in the php_stream_filter_create function in PHP 5 befo ... | CVSS2: 5.1 | 2% Низкий | около 18 лет назад |
| CVE-2007-1825 Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2. ... | CVSS2: 7.5 | 4% Низкий | около 18 лет назад |
 | CVE-2007-1825 Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3. | CVSS2: 7.5 | 4% Низкий | около 18 лет назад |
| CVE-2007-1824 Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character. | CVSS2: 5.1 | 2% Низкий | около 18 лет назад |
 | CVE-2007-1777 Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow. | CVSS2: 7.5 | 11% Средний | около 18 лет назад |
| CVE-2007-1777 Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ... | CVSS2: 7.5 | 11% Средний | около 18 лет назад |
| CVE-2007-1777 Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow. | CVSS2: 7.5 | 11% Средний | около 18 лет назад |
| CVE-2007-1717 The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed. | CVSS2: 5 | 13% Средний | больше 18 лет назад |
| CVE-2007-1718 CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro. | CVSS2: 7.8 | 16% Средний | больше 18 лет назад |
| CVE-2007-1718 CRLF injection vulnerability in the mail function in PHP 4.0.0 through ... | CVSS2: 7.8 | 16% Средний | больше 18 лет назад |
Уязвимостей на страницу