PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 843
CVE-2007-1582
The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...
CVE-2007-1581
The resource system in PHP 5.0.0 through 5.2.1 allows context-dependen ...
CVE-2007-1584
Buffer underflow in the header function in PHP 5.2.0 allows context-de ...
CVE-2007-1584
Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string.
CVE-2007-1583
The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.
CVE-2007-1581
The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected.
CVE-2007-1582
The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources.
CVE-2007-1521
Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.
CVE-2007-1522
Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.
CVE-2007-1522
Double free vulnerability in the session extension in PHP 5.2.0 and 5. ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2007-1582 The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ... | CVSS2: 6.8 | 4% Низкий | больше 18 лет назад |
| CVE-2007-1581 The resource system in PHP 5.0.0 through 5.2.1 allows context-dependen ... | CVSS2: 9.3 | 11% Средний | больше 18 лет назад |
| CVE-2007-1584 Buffer underflow in the header function in PHP 5.2.0 allows context-de ... | CVSS2: 6.8 | 5% Низкий | больше 18 лет назад |
 | CVE-2007-1584 Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string. | CVSS2: 6.8 | 5% Низкий | больше 18 лет назад |
| CVE-2007-1583 The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation. | CVSS2: 6.8 | 17% Средний | больше 18 лет назад |
| CVE-2007-1581 The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected. | CVSS2: 9.3 | 11% Средний | больше 18 лет назад |
| CVE-2007-1582 The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources. | CVSS2: 6.8 | 4% Низкий | больше 18 лет назад |
 | CVE-2007-1521 Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation. | CVSS2: 6.8 | 22% Средний | больше 18 лет назад |
| CVE-2007-1522 Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors. | CVSS2: 6.8 | 9% Низкий | больше 18 лет назад |
| CVE-2007-1522 Double free vulnerability in the session extension in PHP 5.2.0 and 5. ... | CVSS2: 6.8 | 9% Низкий | больше 18 лет назад |
Уязвимостей на страницу