PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read.

Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.

Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.

Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction.

The stripos function in PHP before 5.1.5 has unknown impact and attack ...

Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in ...

Multiple heap-based buffer overflows in the (1) str_repeat and (2) wor ...

The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...

The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/str ...