PHP is a popular general-purpose scripting language that is especially well suited to web development.
Release cycle, vulnerability information
Release schedule
Count: 3,863

CVE-2007-2872
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.

CVE-2007-3799
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.

CVE-2007-0448
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.

CVE-2007-2844
PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access.

CVE-2006-7205
The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value.
Vulnerability | CVSS | EPSS | Published
---|---|---|---
CVE-2007-2872 Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments. | | 17% Medium | about 18 years ago
CVE-2007-3799 The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. | | 16% Medium | about 18 years ago
CVE-2007-0448 The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI. | CVSS2: 10 | 2% Low | more than 18 years ago
CVE-2007-2844 PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access. | CVSS2: 9.3 | 1% Low | more than 18 years ago
CVE-2006-7205 The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value. | CVSS2: 5 | 1% Low | more than 18 years ago