PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 867
CVE-2006-2563
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ...
CVE-2006-2563
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.
CVE-2006-3016
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().
CVE-2006-1991
The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.
CVE-2006-1990
Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.
CVE-2006-1991
The substr_compare function in string.c in PHP 5.1.2 allows context-de ...
CVE-2006-1990
Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...
CVE-2006-1991
The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.
CVE-2006-1990
Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.
CVE-2006-1990
Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2006-2563 The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ... | CVSS2: 2.1 | 1% Низкий | больше 19 лет назад |
 | CVE-2006-2563 The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters. | CVSS2: 2.1 | 1% Низкий | больше 19 лет назад |
 | CVE-2006-3016 Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name(). | 6% Низкий | больше 19 лет назад | |
 | CVE-2006-1991 The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument. | CVSS2: 6.4 | 4% Низкий | больше 19 лет назад |
| CVE-2006-1990 Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. | CVSS2: 5 | 4% Низкий | больше 19 лет назад |
| CVE-2006-1991 The substr_compare function in string.c in PHP 5.1.2 allows context-de ... | CVSS2: 6.4 | 4% Низкий | больше 19 лет назад |
| CVE-2006-1990 Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ... | CVSS2: 5 | 4% Низкий | больше 19 лет назад |
| CVE-2006-1991 The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument. | CVSS2: 6.4 | 4% Низкий | больше 19 лет назад |
| CVE-2006-1990 Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. | CVSS2: 5 | 4% Низкий | больше 19 лет назад |
| CVE-2006-1990 Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. | 4% Низкий | больше 19 лет назад |
Уязвимостей на страницу