Show filters
107 Total Results
Displaying 41-50 of 107
Sort by:
Attacker Value
Unknown

CVE-2009-3293

Disclosure Date: September 22, 2009 (last updated October 04, 2023)
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."
0
Attacker Value
Unknown

CVE-2008-7068

Disclosure Date: August 25, 2009 (last updated October 04, 2023)
The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.
0
Attacker Value
Unknown

CVE-2008-5814

Disclosure Date: January 02, 2009 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.
0
Attacker Value
Unknown

CVE-2008-5557

Disclosure Date: December 23, 2008 (last updated October 04, 2023)
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.
0
Attacker Value
Unknown

CVE-2008-4107

Disclosure Date: September 18, 2008 (last updated October 04, 2023)
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.
0
Attacker Value
Unknown

CVE-2007-4658

Disclosure Date: September 04, 2007 (last updated October 04, 2023)
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
0
Attacker Value
Unknown

CVE-2007-4652

Disclosure Date: September 04, 2007 (last updated October 04, 2023)
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
0
Attacker Value
Unknown

CVE-2007-3799

Disclosure Date: July 16, 2007 (last updated October 04, 2023)
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.
0
Attacker Value
Unknown

CVE-2007-2844

Disclosure Date: May 24, 2007 (last updated October 04, 2023)
PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access.
0
Attacker Value
Unknown

CVE-2007-2727

Disclosure Date: May 16, 2007 (last updated October 04, 2023)
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys.
0