PHP is a popular general-purpose scripting language that is especially suited to web development.
Release cycle, vulnerability information
Release schedule
Count: 3 768

Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
CVE-2007-1379 The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code. | CVSS2: 5.1 | 1% Low | more than 18 years ago |
CVE-2007-1376 The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource. | CVSS2: 7.5 | 12% Medium | more than 18 years ago |
CVE-2007-1383 Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286. | CVSS3: 9.8 | 3% Low | more than 18 years ago |
CVE-2007-1380 The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read. | CVSS2: 5 | 12% Medium | more than 18 years ago |
CVE-2007-1381 The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10 ... | CVSS2: 7.6 | 5% Low | more than 18 years ago |
CVE-2007-1376 The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x s ... | CVSS2: 7.5 | 12% Medium | more than 18 years ago |
CVE-2007-1378 The ovrimos_longreadlen function in the Ovrimos extension for PHP befo ... | CVSS2: 5.1 | 1% Low | more than 18 years ago |
CVE-2007-1379 The ovrimos_close function in the Ovrimos extension for PHP before 4.4 ... | CVSS2: 5.1 | 1% Low | more than 18 years ago |
CVE-2007-1375 Integer overflow in the substr_compare function in PHP 5.2.1 and earli ... | CVSS2: 5 | 15% Medium | more than 18 years ago |
CVE-2007-1380 The php_binary serialization handler in the session extension in PHP b ... | CVSS2: 5 | 12% Medium | more than 18 years ago |