PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 883
CVE-2007-1582
The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...
CVE-2007-1583
The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ...
CVE-2007-1581
The resource system in PHP 5.0.0 through 5.2.1 allows context-dependen ...
CVE-2007-1582
The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources.
CVE-2007-1583
The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.
CVE-2007-1584
Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string.
CVE-2007-1581
The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected.
CVE-2007-1522
Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.
CVE-2007-1521
Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.
CVE-2007-1521
Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, a ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2007-1582 The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ... | CVSS2: 6.8 | 3% Низкий | почти 19 лет назад |
| CVE-2007-1583 The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ... | CVSS2: 6.8 | 21% Средний | почти 19 лет назад |
| CVE-2007-1581 The resource system in PHP 5.0.0 through 5.2.1 allows context-dependen ... | CVSS2: 9.3 | 10% Средний | почти 19 лет назад |
 | CVE-2007-1582 The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources. | CVSS2: 6.8 | 3% Низкий | почти 19 лет назад |
| CVE-2007-1583 The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation. | CVSS2: 6.8 | 21% Средний | почти 19 лет назад |
| CVE-2007-1584 Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string. | CVSS2: 6.8 | 3% Низкий | почти 19 лет назад |
| CVE-2007-1581 The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected. | CVSS2: 9.3 | 10% Средний | почти 19 лет назад |
 | CVE-2007-1522 Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors. | CVSS2: 6.8 | 8% Низкий | почти 19 лет назад |
| CVE-2007-1521 Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation. | CVSS2: 6.8 | 15% Средний | почти 19 лет назад |
| CVE-2007-1521 Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, a ... | CVSS2: 6.8 | 15% Средний | почти 19 лет назад |
Уязвимостей на страницу