| Max CVSS | 10.0 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2008-2829 | 5.0 |
php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c lega
|
09-10-2019 - 22:55 | 23-06-2008 - 20:41 | |
| CVE-2008-5658 | 7.5 |
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
|
11-10-2018 - 20:56 | 17-12-2008 - 20:30 | |
| CVE-2008-5557 | 10.0 |
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is n
|
11-10-2018 - 20:56 | 23-12-2008 - 18:30 | |
| CVE-2008-5624 | 7.5 |
PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to b
|
11-10-2018 - 20:56 | 17-12-2008 - 17:30 | |
| CVE-2008-5625 | 7.5 |
PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log"
|
11-10-2018 - 20:56 | 17-12-2008 - 17:30 | |
| CVE-2008-3659 | 6.4 |
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function
|
11-10-2018 - 20:49 | 15-08-2008 - 00:41 | |
| CVE-2008-3658 | 7.5 |
Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. Mi
|
11-10-2018 - 20:49 | 15-08-2008 - 00:41 | |
| CVE-2008-3660 | 5.0 |
PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php. Overview contains a t
|
11-10-2018 - 20:49 | 15-08-2008 - 00:41 | |
| CVE-2008-2666 | 5.0 |
Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to
|
11-10-2018 - 20:42 | 20-06-2008 - 01:41 | |
| CVE-2008-2665 | 5.0 |
Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after
|
11-10-2018 - 20:42 | 20-06-2008 - 01:41 |