PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 889
CVE-2004-0958
php_variables.c in PHP before 5.0.2 allows remote attackers to read se ...
CVE-2004-0959
rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.
CVE-2004-0958
php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.
CVE-2004-0959
rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.
CVE-2004-0958
php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.
CVE-2004-0542
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.
CVE-2004-0542
PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...
CVE-2004-0595
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
CVE-2004-0594
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
CVE-2004-0594
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5 ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2004-0958 php_variables.c in PHP before 5.0.2 allows remote attackers to read se ... | CVSS2: 5 | 8% Низкий | больше 21 года назад |
 | CVE-2004-0959 rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified. | CVSS2: 2.1 | 5% Низкий | больше 21 года назад |
| CVE-2004-0958 php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length. | CVSS2: 5 | 8% Низкий | больше 21 года назад |
 | CVE-2004-0959 rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified. | 5% Низкий | больше 21 года назад | |
| CVE-2004-0958 php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length. | 8% Низкий | больше 21 года назад | |
 | CVE-2004-0542 PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function. | CVSS2: 10 | 12% Средний | больше 21 года назад |
| CVE-2004-0542 PHP before 4.3.7 on Win32 platforms does not properly filter all shell ... | CVSS2: 10 | 12% Средний | больше 21 года назад |
| CVE-2004-0595 The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. | CVSS2: 6.8 | 49% Средний | больше 21 года назад |
| CVE-2004-0594 The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. | CVSS2: 5.1 | 78% Высокий | больше 21 года назад |
| CVE-2004-0594 The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5 ... | CVSS2: 5.1 | 78% Высокий | больше 21 года назад |
Уязвимостей на страницу