PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 843
CVE-2007-0455
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.
CVE-2007-0455
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.
CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
CVE-2006-6383
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.
CVE-2006-6383
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_base ...
CVE-2006-6383
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.
CVE-2006-5706
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494.
CVE-2006-5706
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...
CVE-2006-5706
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494.
CVE-2006-5465
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2007-0455 Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. | CVSS2: 7.5 | 4% Низкий | больше 18 лет назад |
 | CVE-2007-0455 Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. | 4% Низкий | больше 18 лет назад | |
| CVE-2006-7243 PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. | CVSS2: 4 | 5% Низкий | больше 18 лет назад |
 | CVE-2006-6383 PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. | CVSS2: 4.6 | 0% Низкий | больше 18 лет назад |
| CVE-2006-6383 PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_base ... | CVSS2: 4.6 | 0% Низкий | больше 18 лет назад |
| CVE-2006-6383 PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. | CVSS2: 4.6 | 0% Низкий | больше 18 лет назад |
| CVE-2006-5706 Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494. | CVSS2: 7.2 | 0% Низкий | почти 19 лет назад |
| CVE-2006-5706 Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ... | CVSS2: 7.2 | 0% Низкий | почти 19 лет назад |
| CVE-2006-5706 Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494. | CVSS2: 7.2 | 0% Низкий | почти 19 лет назад |
| CVE-2006-5465 Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions. | CVSS2: 7.5 | 24% Средний | почти 19 лет назад |
Уязвимостей на страницу