Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2009-4017 | 5.0 |
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier f
|
15-02-2024 - 21:16 | 24-11-2009 - 00:30 | |
CVE-2009-2687 | 4.3 |
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
|
19-01-2023 - 16:38 | 05-08-2009 - 19:30 | |
CVE-2009-4142 | 4.3 |
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks b
|
30-10-2018 - 16:26 | 21-12-2009 - 16:30 | |
CVE-2009-3293 | 7.5 |
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."
|
30-10-2018 - 16:26 | 22-09-2009 - 10:30 | |
CVE-2009-4143 | 10.0 |
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
|
30-10-2018 - 16:26 | 21-12-2009 - 16:30 | |
CVE-2009-3291 | 7.5 |
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.
|
30-10-2018 - 16:26 | 22-09-2009 - 10:30 | |
CVE-2009-3557 | 5.0 |
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix argu
|
30-10-2018 - 16:26 | 23-11-2009 - 17:30 | |
CVE-2009-4018 | 7.5 |
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute pr
|
30-10-2018 - 16:26 | 29-11-2009 - 13:07 | |
CVE-2009-3292 | 7.5 |
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
|
30-10-2018 - 16:26 | 22-09-2009 - 10:30 |