Max CVSS 9.3 Min CVSS 4.3 Total Count16
IDCVSSSummaryLast (major) updatePublished
CVE-2008-2108 7.5
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy a
30-10-2012 - 22:56 07-05-2008 - 17:20
CVE-2008-2107 7.5
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subse
30-10-2012 - 22:56 07-05-2008 - 17:20
CVE-2008-4107 5.1
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by
29-10-2012 - 23:16 18-09-2008 - 13:59
CVE-2007-5900 6.9
PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.
07-03-2011 - 22:01 20-11-2007 - 13:46
CVE-2007-5899 4.3
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as
07-03-2011 - 22:01 20-11-2007 - 14:46
CVE-2007-5898 6.4
The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.
07-03-2011 - 22:01 20-11-2007 - 13:46
CVE-2007-5653 9.3
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill b
07-03-2011 - 22:01 23-10-2007 - 17:47
CVE-2007-4887 4.3
The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerabilit
07-03-2011 - 21:59 13-09-2007 - 20:17
CVE-2007-4840 5.0
PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode
07-03-2011 - 21:59 12-09-2007 - 16:17
CVE-2007-4783 5.0
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2)
07-03-2011 - 21:59 10-09-2007 - 17:17
CVE-2007-3996 6.8
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a la
07-03-2011 - 21:57 04-09-2007 - 14:17
CVE-2007-4782 5.0
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanie
21-08-2010 - 01:10 10-09-2007 - 17:17
CVE-2007-4825 7.5
Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.
05-02-2009 - 01:30 11-09-2007 - 21:17
CVE-2007-4784 5.0
The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that su
05-02-2009 - 01:30 10-09-2007 - 17:17
CVE-2007-5447 4.3
ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary f
15-11-2008 - 02:01 14-10-2007 - 14:17
CVE-2007-4889 6.8
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
05-09-2008 - 17:29 13-09-2007 - 21:17
Back to Top Mark selected
Back to Top