PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 889

CVE-2007-1890

почти 19 лет назад

Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...

CVSS2: 7.5

EPSS: Низкий

CVE-2007-1887

почти 19 лет назад

Buffer overflow in the sqlite_decode_binary function in the bundled sq ...

CVSS2: 7.5

EPSS: Низкий

CVE-2007-1886

почти 19 лет назад

Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2. ...

CVSS2: 6.8

EPSS: Низкий

CVE-2007-1889

почти 19 лет назад

Integer signedness error in the _zend_mm_alloc_int function in the Zen ...

CVSS2: 7.5

EPSS: Низкий

CVE-2007-1888

почти 19 лет назад

Buffer overflow in the sqlite_decode_binary function in src/encode.c i ...

CVSS2: 7.5

EPSS: Низкий

CVE-2007-1885

почти 19 лет назад

Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably the same issue as CVE-2007-0906.6.

CVSS2: 7.5

EPSS: Низкий

CVE-2007-1890

почти 19 лет назад

Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff.

CVSS2: 7.5

EPSS: Низкий

CVE-2007-1888

почти 19 лет назад

Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.

CVSS2: 7.5

EPSS: Низкий

CVE-2007-1883

почти 19 лет назад

PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain convert_to_* functions with its input parameters.

CVSS2: 7.8

EPSS: Низкий

CVE-2007-1887

почти 19 лет назад

Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.

CVSS2: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2007-1890 Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...	CVSS2: 7.5	5% Низкий	почти 19 лет назад
CVE-2007-1887 Buffer overflow in the sqlite_decode_binary function in the bundled sq ...	CVSS2: 7.5	4% Низкий	почти 19 лет назад
CVE-2007-1886 Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2. ...	CVSS2: 6.8	1% Низкий	почти 19 лет назад
CVE-2007-1889 Integer signedness error in the _zend_mm_alloc_int function in the Zen ...	CVSS2: 7.5	8% Низкий	почти 19 лет назад
CVE-2007-1888 Buffer overflow in the sqlite_decode_binary function in src/encode.c i ...	CVSS2: 7.5	5% Низкий	почти 19 лет назад
CVE-2007-1885 Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably the same issue as CVE-2007-0906.6.	CVSS2: 7.5	2% Низкий	почти 19 лет назад
CVE-2007-1890 Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff.	CVSS2: 7.5	5% Низкий	почти 19 лет назад
CVE-2007-1888 Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.	CVSS2: 7.5	5% Низкий	почти 19 лет назад
CVE-2007-1883 PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain convert_to_* functions with its input parameters.	CVSS2: 7.8	1% Низкий	почти 19 лет назад
CVE-2007-1887 Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.	CVSS2: 7.5	4% Низкий	почти 19 лет назад

Уязвимостей на страницу