PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 883

CVE-2007-1383

почти 19 лет назад

Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.

CVSS3: 9.8

EPSS: Низкий

CVE-2007-1376

почти 19 лет назад

The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.

CVSS2: 7.5

EPSS: Средний

CVE-2007-1379

почти 19 лет назад

The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code.

CVSS2: 5.1

EPSS: Низкий

CVE-2007-1001

почти 19 лет назад

Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.

EPSS: Средний

CVE-2007-1286

почти 19 лет назад

Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.

CVSS2: 6.8

EPSS: Высокий

CVE-2007-1285

почти 19 лет назад

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

CVSS3: 7.5

EPSS: Низкий

CVE-2007-1287

почти 19 лет назад

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.

CVSS2: 4.3

EPSS: Средний

CVE-2007-1287

почти 19 лет назад

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and ...

CVSS2: 4.3

EPSS: Средний

CVE-2007-1286

почти 19 лет назад

Integer overflow in PHP 4.4.4 and earlier allows remote context-depend ...

CVSS2: 6.8

EPSS: Высокий

CVE-2007-1285

почти 19 лет назад

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2007-1383 Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.	CVSS3: 9.8	3% Низкий	почти 19 лет назад
CVE-2007-1376 The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.	CVSS2: 7.5	14% Средний	почти 19 лет назад
CVE-2007-1379 The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code.	CVSS2: 5.1	1% Низкий	почти 19 лет назад
CVE-2007-1001 Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.		10% Средний	почти 19 лет назад
CVE-2007-1286 Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.	CVSS2: 6.8	86% Высокий	почти 19 лет назад
CVE-2007-1285 The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.	CVSS3: 7.5	8% Низкий	почти 19 лет назад
CVE-2007-1287 A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.	CVSS2: 4.3	23% Средний	почти 19 лет назад
CVE-2007-1287 A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and ...	CVSS2: 4.3	23% Средний	почти 19 лет назад
CVE-2007-1286 Integer overflow in PHP 4.4.4 and earlier allows remote context-depend ...	CVSS2: 6.8	86% Высокий	почти 19 лет назад
CVE-2007-1285 The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...	CVSS3: 7.5	8% Низкий	почти 19 лет назад

Уязвимостей на страницу