Max CVSS 10.0 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2007-3007 5.0
PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this
30-10-2018 - 16:25 04-06-2007 - 17:30
CVE-2006-5706 7.2
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector migh
30-10-2018 - 16:25 04-11-2006 - 01:07
CVE-2006-4481 7.2
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_o
30-10-2018 - 16:25 31-08-2006 - 21:04
CVE-2007-3997 7.5
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
26-10-2018 - 13:59 04-09-2007 - 18:17
CVE-2006-6383 4.6
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP v
17-10-2018 - 21:47 10-12-2006 - 20:28
CVE-2007-4889 6.8
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
15-10-2018 - 21:38 14-09-2007 - 01:17
CVE-2007-4850 5.0
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vuln
15-10-2018 - 21:38 25-01-2008 - 01:00
CVE-2008-2666 5.0
Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to
11-10-2018 - 20:42 20-06-2008 - 01:41
CVE-2008-2665 5.0
Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after
11-10-2018 - 20:42 20-06-2008 - 01:41
CVE-2007-1710 4.3
The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a
11-10-2017 - 01:31 27-03-2007 - 01:19
CVE-2007-4663 7.5
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.
29-07-2017 - 01:33 04-09-2007 - 22:17
CVE-2007-4652 4.4
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
29-07-2017 - 01:33 04-09-2007 - 19:17
CVE-2006-3011 4.6
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
20-07-2017 - 01:31 26-06-2006 - 21:05
CVE-2006-2563 2.1
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.
20-07-2017 - 01:31 29-05-2006 - 16:02
CVE-2007-0448 10.0
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the s
11-09-2008 - 00:49 24-05-2007 - 18:30
CVE-2006-7204 2.1
The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents. The vendor has addressed this issue with the following product updat
05-09-2008 - 21:16 22-05-2007 - 19:30
Back to Top Mark selected
Back to Top