|Max CVSS||10.0||Min CVSS||2.1||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protec
|30-10-2018 - 16:26||12-11-2010 - 21:00|
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks b
|30-10-2018 - 16:26||21-12-2009 - 16:30|
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
|30-10-2018 - 16:25||04-11-2006 - 00:07|
Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction.
|30-10-2018 - 16:25||31-08-2006 - 21:04|
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
|30-10-2018 - 16:25||09-05-2007 - 00:19|
zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the varia
|30-10-2018 - 16:25||14-06-2006 - 23:02|
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safet
|30-10-2018 - 16:25||29-03-2006 - 21:06|
Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue
|30-10-2018 - 16:25||02-04-2007 - 23:19|
CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of
|30-10-2018 - 16:25||28-03-2007 - 00:19|
Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a se
|16-10-2018 - 16:50||28-06-2007 - 18:30|
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy a
|11-10-2018 - 20:39||07-05-2008 - 21:20|
PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied
|03-10-2018 - 21:58||03-03-2009 - 16:30|
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
|03-10-2018 - 21:48||05-09-2007 - 00:17|
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set
|03-05-2018 - 01:29||09-02-2005 - 05:00|
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
|09-01-2018 - 02:29||30-12-2011 - 01:55|
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability e
|09-01-2018 - 02:29||06-02-2012 - 20:55|
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-
|19-09-2017 - 01:29||19-10-2009 - 20:00|