Bug | Description |
---|---|
TEMP-0540606-8877D9 | php5: 'open_basedir' bypass |
TEMP-0000000-FE3BD0 | Session WDDX Packet Deserialization Type Confusion Vulnerability |
TEMP-0000000-F647EF | Missing safemode checks in PHP's _php_image_output functions |
TEMP-0000000-F26C42 | Type confusion vulnerability in WDDX packet deserialization |
TEMP-0000000-F1CA5F | Type Confusion Vulnerability in PHP_to_XMLRPC_worker() |
TEMP-0000000-EA5272 | NULL Pointer Dereference in phar_tar_setupmetadata() |
TEMP-0000000-D591DC | Integer overflow in iptcembed() |
TEMP-0000000-B391CA | exec functions ignore length but look for NULL termination |
TEMP-0000000-A9D025 | Crash on bad SOAP request |
TEMP-0000000-5909B0 | Use-after-free in WDDX Packet Deserialization |
CVE-2024-9026 | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ... |
CVE-2024-8927 | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ... |
CVE-2024-8926 | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ... |
CVE-2024-8925 | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ... |
CVE-2024-5585 | In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before ... |
CVE-2024-5458 | In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before ... |
CVE-2024-4577 | In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before ... |
CVE-2024-3096 | In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before ... |
CVE-2024-2757 | In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endless ... |
CVE-2024-2756 | Due to an incomplete fix to CVE-2022-31629 https://github.com/advisor ... |
CVE-2024-1874 | In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before ... |
CVE-2023-3824 | In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* bef ... |
CVE-2023-3823 | In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* be ... |
CVE-2023-0662 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ... |
CVE-2023-0568 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ... |
CVE-2023-0567 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ... |
CVE-2022-37454 | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ... |
CVE-2022-31631 | |
CVE-2022-31630 | In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imagelo ... |
CVE-2022-31629 | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability en ... |
CVE-2022-31628 | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompresso ... |
CVE-2022-31627 | In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as fi ... |
CVE-2022-31626 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ... |
CVE-2022-31625 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ... |
CVE-2022-4900 | A vulnerability was found in PHP where setting the environment variabl ... |
CVE-2021-21708 | In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x belo ... |
CVE-2021-21707 | In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below ... |
CVE-2021-21706 | In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below ... |
CVE-2021-21705 | In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ... |
CVE-2021-21704 | In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ... |
CVE-2021-21703 | In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 a ... |
CVE-2021-21702 | In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below ... |
CVE-2020-7071 | In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when ... |
CVE-2020-7070 | In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ... |
CVE-2020-7069 | In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ... |
CVE-2020-7068 | In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below ... |
CVE-2020-7067 | In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below ... |
CVE-2020-7066 | In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below ... |
CVE-2020-7065 | In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using ... |
CVE-2020-7064 | In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ... |
CVE-2020-7063 | In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ... |
CVE-2020-7062 | In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ... |
CVE-2020-7061 | In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extrac ... |
CVE-2020-7060 | When using certain mbstring functions to convert multibyte encodings, ... |
CVE-2020-7059 | When using fgetss() function to read data with stripping tags, in PHP ... |
CVE-2019-13224 | A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 a ... |
CVE-2019-11050 | When PHP EXIF extension is parsing EXIF information from an image, e.g ... |
CVE-2019-11049 | In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplyin ... |
CVE-2019-11048 | In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below ... |
CVE-2019-11047 | When PHP EXIF extension is parsing EXIF information from an image, e.g ... |
CVE-2019-11046 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ... |
CVE-2019-11045 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ... |
CVE-2019-11044 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Wi ... |
CVE-2019-11043 | In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below ... |
CVE-2019-11042 | When PHP EXIF extension is parsing EXIF information from an image, e.g ... |
CVE-2019-11041 | When PHP EXIF extension is parsing EXIF information from an image, e.g ... |
CVE-2019-11040 | When PHP EXIF extension is parsing EXIF information from an image, e.g ... |
CVE-2019-11039 | Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.3 ... |
CVE-2019-11036 | When processing certain files, PHP EXIF extension in versions 7.1.x be ... |
CVE-2019-11035 | When processing certain files, PHP EXIF extension in versions 7.1.x be ... |
CVE-2019-11034 | When processing certain files, PHP EXIF extension in versions 7.1.x be ... |
CVE-2019-9675 | An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3. ... |
CVE-2019-9641 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ... |
CVE-2019-9640 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ... |
CVE-2019-9639 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ... |
CVE-2019-9638 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ... |
CVE-2019-9637 | An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and ... |
CVE-2019-9024 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ... |
CVE-2019-9023 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ... |
CVE-2019-9022 | An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, ... |
CVE-2019-9021 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ... |
CVE-2019-9020 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ... |
CVE-2019-6977 | gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka ... |
CVE-2018-1000888 | PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 ... |
CVE-2018-20783 | In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2. ... |
CVE-2018-19935 | ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote atta ... |
CVE-2018-19518 | University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_o ... |
CVE-2018-19396 | ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attac ... |
CVE-2018-19395 | ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attacke ... |
CVE-2018-17082 | The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x ... |
CVE-2018-15132 | An issue was discovered in ext/standard/link_win32.c in PHP before 5.6 ... |
CVE-2018-14884 | An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.1 ... |
CVE-2018-14883 | An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1 ... |
CVE-2018-14851 | exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, ... |
CVE-2018-12882 | exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allo ... |
CVE-2018-10549 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ... |
CVE-2018-10548 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ... |
CVE-2018-10547 | An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36 ... |
CVE-2018-10546 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ... |
CVE-2018-10545 | An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1 ... |
CVE-2018-7584 | In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and ... |
CVE-2018-5712 | An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1 ... |
CVE-2018-5711 | gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP bef ... |
CVE-2017-16642 | In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an e ... |
CVE-2017-14107 | The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mis ... |
CVE-2017-12933 | The finish_nested_data function in ext/standard/var_unserializer.re in ... |
CVE-2017-11628 | In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a sta ... |
CVE-2017-11147 | In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler c ... |
CVE-2017-11145 | In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an er ... |
CVE-2017-11144 | In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the o ... |
CVE-2017-11143 | In PHP before 5.6.31, an invalid free in the WDDX deserialization of b ... |
CVE-2017-11142 | In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remot ... |
CVE-2017-9120 | PHP 7.x through 7.1.5 allows remote attackers to cause a denial of ser ... |
CVE-2016-10712 | In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all o ... |
CVE-2016-10397 | In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of vari ... |
CVE-2016-10168 | Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) bef ... |
CVE-2016-10167 | The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Li ... |
CVE-2016-10161 | The object_common1 function in ext/standard/var_unserializer.c in PHP ... |
CVE-2016-10160 | Off-by-one error in the phar_parse_pharfile function in ext/phar/phar. ... |
CVE-2016-10159 | Integer overflow in the phar_parse_pharfile function in ext/phar/phar. ... |
CVE-2016-10158 | The exif_convert_any_to_int function in ext/exif/exif.c in PHP before ... |
CVE-2016-9935 | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5. ... |
CVE-2016-9934 | ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remo ... |
CVE-2016-9933 | Stack consumption vulnerability in the gdImageFillToBorder function in ... |
CVE-2016-9138 | PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modifica ... |
CVE-2016-9137 | Use-after-free vulnerability in the CURLFile implementation in ext/cur ... |
CVE-2016-7568 | Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD ... |
CVE-2016-7479 | In all versions of PHP 7, during the unserialization process, resizing ... |
CVE-2016-7478 | Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x befo ... |
CVE-2016-7418 | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5. ... |
CVE-2016-7417 | ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceed ... |
CVE-2016-7416 | ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x bef ... |
CVE-2016-7414 | The ZIP signature-verification feature in PHP before 5.6.26 and 7.x be ... |
CVE-2016-7413 | Use-after-free vulnerability in the wddx_stack_destroy function in ext ... |
CVE-2016-7412 | ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before ... |
CVE-2016-7411 | ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles objec ... |
CVE-2016-7134 | ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a l ... |
CVE-2016-7133 | Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabl ... |
CVE-2016-7132 | ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remo ... |
CVE-2016-7131 | ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remo ... |
CVE-2016-7130 | The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6 ... |
CVE-2016-7129 | The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5. ... |
CVE-2016-7128 | The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before ... |
CVE-2016-7127 | The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and ... |
CVE-2016-7126 | The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6. ... |
CVE-2016-7125 | ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips ... |
CVE-2016-7124 | ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7. ... |
CVE-2016-6297 | Integer overflow in the php_stream_zip_opener function in ext/zip/zip_ ... |
CVE-2016-6296 | Integer signedness error in the simplestring_addn function in simplest ... |
CVE-2016-6295 | ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x bef ... |
CVE-2016-6294 | The locale_accept_from_http function in ext/intl/locale/locale_methods ... |
CVE-2016-6292 | The exif_process_user_comment function in ext/exif/exif.c in PHP befor ... |
CVE-2016-6291 | The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP b ... |
CVE-2016-6290 | ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7 ... |
CVE-2016-6289 | Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_ ... |
CVE-2016-6288 | The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5. ... |
CVE-2016-6207 | Integer overflow in the _gdContributionsAlloc function in gd_interpola ... |
CVE-2016-6128 | The gdImageCropThreshold function in gd_crop.c in the GD Graphics Libr ... |
CVE-2016-5773 | php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6. ... |
CVE-2016-5772 | Double free vulnerability in the php_wddx_process_data function in wdd ... |
CVE-2016-5771 | spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before ... |
CVE-2016-5770 | Integer overflow in the SplFileObject::fread function in spl_directory ... |
CVE-2016-5769 | Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ... |
CVE-2016-5768 | Double free vulnerability in the _php_mb_regex_ereg_replace_exec funct ... |
CVE-2016-5767 | Integer overflow in the gdImageCreate function in gd.c in the GD Graph ... |
CVE-2016-5766 | Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD G ... |
CVE-2016-5399 | The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x befor ... |
CVE-2016-5385 | PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 ... |
CVE-2016-5114 | sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and ... |
CVE-2016-5096 | Integer overflow in the fread function in ext/standard/file.c in PHP b ... |
CVE-2016-5095 | Integer overflow in the php_escape_html_entities_ex function in ext/st ... |
CVE-2016-5094 | Integer overflow in the php_html_entities function in ext/standard/htm ... |
CVE-2016-5093 | The get_icu_value_internal function in ext/intl/locale/locale_methods. ... |
CVE-2016-4544 | The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP befor ... |
CVE-2016-4543 | The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before ... |
CVE-2016-4542 | The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5 ... |
CVE-2016-4541 | The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in ... |
CVE-2016-4540 | The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c i ... |
CVE-2016-4539 | The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5. ... |
CVE-2016-4538 | The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6 ... |
CVE-2016-4537 | The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6 ... |
CVE-2016-4473 | /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers ... |
CVE-2016-4346 | Integer overflow in the str_pad function in ext/standard/string.c in P ... |
CVE-2016-4345 | Integer overflow in the php_filter_encode_url function in ext/filter/s ... |
CVE-2016-4344 | Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in P ... |
CVE-2016-4343 | The phar_make_dirstream function in ext/phar/dirstream.c in PHP before ... |
CVE-2016-4342 | ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and ... |
CVE-2016-4073 | Multiple integer overflows in the mbfl_strcut function in ext/mbstring ... |
CVE-2016-4072 | The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x ... |
CVE-2016-4071 | Format string vulnerability in the php_snmp_error function in ext/snmp ... |
CVE-2016-4070 | Integer overflow in the php_raw_url_encode function in ext/standard/ur ... |
CVE-2016-3185 | The make_http_soap_request function in ext/soap/php_http.c in PHP befo ... |
CVE-2016-3142 | The phar_parse_zipfile function in zip.c in the PHAR extension in PHP ... |
CVE-2016-3141 | Use-after-free vulnerability in wddx.c in the WDDX extension in PHP be ... |
CVE-2016-3074 | Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or li ... |
CVE-2016-2554 | Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5. ... |
CVE-2016-1904 | Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7. ... |
CVE-2016-1903 | The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolatio ... |
CVE-2015-8994 | An issue was discovered in PHP 5.x and 7.x, when the configuration use ... |
CVE-2015-8935 | The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x ... |
CVE-2015-8879 | The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 ... |
CVE-2015-8878 | main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5 ... |
CVE-2015-8877 | The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graph ... |
CVE-2015-8876 | Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and ... |
CVE-2015-8874 | Stack consumption vulnerability in GD in PHP before 5.6.12 allows remo ... |
CVE-2015-8873 | Stack consumption vulnerability in Zend/zend_exceptions.c in PHP befor ... |
CVE-2015-8867 | The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in P ... |
CVE-2015-8866 | ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when ... |
CVE-2015-8865 | The file_check_mem function in funcs.c in file before 5.23, as used in ... |
CVE-2015-8838 | ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5 ... |
CVE-2015-8835 | The make_http_soap_request function in ext/soap/php_http.c in PHP befo ... |
CVE-2015-7804 | Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c ... |
CVE-2015-7803 | The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5. ... |
CVE-2015-6838 | The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ... |
CVE-2015-6837 | The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ... |
CVE-2015-6836 | The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, ... |
CVE-2015-6835 | The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, an ... |
CVE-2015-6834 | Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x be ... |
CVE-2015-6833 | Directory traversal vulnerability in the PharData class in PHP before ... |
CVE-2015-6832 | Use-after-free vulnerability in the SPL unserialize implementation in ... |
CVE-2015-6831 | Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5 ... |
CVE-2015-6527 | The php_str_replace_in_subject function in ext/standard/string.c in PH ... |
CVE-2015-5590 | Stack-based buffer overflow in the phar_fix_filepath function in ext/p ... |
CVE-2015-5589 | The phar_convert_to_other function in ext/phar/phar_object.c in PHP be ... |
CVE-2015-4644 | The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgs ... |
CVE-2015-4643 | Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP b ... |
CVE-2015-4642 | The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.4 ... |
CVE-2015-4605 | The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo ... |
CVE-2015-4604 | The mget function in softmagic.c in file 5.x, as used in the Fileinfo ... |
CVE-2015-4603 | The exception::getTraceAsString function in Zend/zend_exceptions.c in ... |
CVE-2015-4602 | The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c ... |
CVE-2015-4601 | PHP before 5.6.7 might allow remote attackers to cause a denial of ser ... |
CVE-2015-4600 | The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.2 ... |
CVE-2015-4599 | The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4. ... |
CVE-2015-4598 | PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does n ... |
CVE-2015-4148 | The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5 ... |
CVE-2015-4147 | The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, ... |
CVE-2015-4116 | Use-after-free vulnerability in the spl_ptr_heap_insert function in ex ... |
CVE-2015-4026 | The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.2 ... |
CVE-2015-4025 | PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncat ... |
CVE-2015-4024 | Algorithmic complexity vulnerability in the multipart_buffer_headers f ... |
CVE-2015-4022 | Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP b ... |
CVE-2015-4021 | The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41 ... |
CVE-2015-3412 | PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does no ... |
CVE-2015-3411 | PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does no ... |
CVE-2015-3330 | The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP ... |
CVE-2015-3329 | Multiple stack-based buffer overflows in the phar_set_inode function i ... |
CVE-2015-3307 | The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4. ... |
CVE-2015-3211 | php-fpm allows local users to write to or create arbitrary files via a ... |
CVE-2015-2787 | Use-after-free vulnerability in the process_nested_data function in ex ... |
CVE-2015-2783 | ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x b ... |
CVE-2015-2348 | The move_uploaded_file implementation in ext/standard/basic_functions. ... |
CVE-2015-2331 | Integer overflow in the _zip_cdir_new function in zip_dirent.c in libz ... |
CVE-2015-2305 | Integer overflow in the regcomp implementation in the Henry Spencer BS ... |
CVE-2015-2301 | Use-after-free vulnerability in the phar_rename_archive function in ph ... |
CVE-2015-1352 | The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) ... |
CVE-2015-1351 | Use-after-free vulnerability in the _zend_shared_memdup function in ze ... |
CVE-2015-0273 | Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP ... |
CVE-2015-0232 | The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4 ... |
CVE-2015-0231 | Use-after-free vulnerability in the process_nested_data function in ex ... |
CVE-2014-9912 | The get_icu_disp_value_src_php function in ext/intl/locale/locale_meth ... |
CVE-2014-9767 | Directory traversal vulnerability in the ZipArchive::extractTo functio ... |
CVE-2014-9709 | The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used ... |
CVE-2014-9705 | Heap-based buffer overflow in the enchant_broker_request_dict function ... |
CVE-2014-9653 | readelf.c in file before 5.22, as used in the Fileinfo component in PH ... |
CVE-2014-9652 | The mconvert function in softmagic.c in file before 5.21, as used in t ... |
CVE-2014-9621 | The ELF parser in file 5.16 through 5.21 allows remote attackers to ca ... |
CVE-2014-9620 | The ELF parser in file 5.08 through 5.21 allows remote attackers to ca ... |
CVE-2014-9427 | sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x ... |
CVE-2014-8626 | Stack-based buffer overflow in the date_from_ISO8601 function in ext/x ... |
CVE-2014-8142 | Use-after-free vulnerability in the process_nested_data function in ex ... |
CVE-2014-8117 | softmagic.c in file before 5.21 does not properly limit recursion, whi ... |
CVE-2014-8116 | The ELF parser (readelf.c) in file before 5.21 allows remote attackers ... |
CVE-2014-5120 | gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x befo ... |
CVE-2014-4721 | The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 ... |
CVE-2014-4698 | Use-after-free vulnerability in ext/spl/spl_array.c in the SPL compone ... |
CVE-2014-4670 | Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL compon ... |
CVE-2014-4049 | Heap-based buffer overflow in the php_parserr function in ext/standard ... |
CVE-2014-3981 | acinclude.m4, as used in the configure script in PHP 5.5.13 and earlie ... |
CVE-2014-3710 | The donote function in readelf.c in file through 5.20, as used in the ... |
CVE-2014-3670 | The exif_ifd_make_value function in exif.c in the EXIF extension in PH ... |
CVE-2014-3669 | Integer overflow in the object_custom function in ext/standard/var_uns ... |
CVE-2014-3668 | Buffer overflow in the date_from_ISO8601 function in the mkgmtime impl ... |
CVE-2014-3622 | Use-after-free vulnerability in the add_post_var function in the Posth ... |
CVE-2014-3597 | Multiple buffer overflows in the php_parserr function in ext/standard/ ... |
CVE-2014-3587 | Integer overflow in the cdf_read_property_info function in cdf.c in fi ... |
CVE-2014-3538 | file before 5.19 does not properly restrict the amount of data read du ... |
CVE-2014-3515 | The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorre ... |
CVE-2014-3487 | The cdf_read_property_info function in file before 5.19, as used in th ... |
CVE-2014-3480 | The cdf_count_chain function in cdf.c in file before 5.19, as used in ... |
CVE-2014-3479 | The cdf_check_stream_offset function in cdf.c in file before 5.19, as ... |
CVE-2014-3478 | Buffer overflow in the mconvert function in softmagic.c in file before ... |
CVE-2014-2497 | The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP ... |
CVE-2014-2270 | softmagic.c in file before 5.17 and libmagic allows context-dependent ... |
CVE-2014-2020 | ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which ... |
CVE-2014-1943 | Fine Free file before 5.17 allows context-dependent attackers to cause ... |
CVE-2014-0238 | The cdf_read_property_info function in cdf.c in the Fileinfo component ... |
CVE-2014-0237 | The cdf_unpack_summary_info function in cdf.c in the Fileinfo componen ... |
CVE-2014-0236 | file before 5.18, as used in the Fileinfo component in PHP before 5.6. ... |
CVE-2014-0207 | The cdf_read_short_sector function in cdf.c in file before 5.19, as us ... |
CVE-2014-0185 | sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP be ... |
CVE-2013-7456 | gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1 ... |
CVE-2013-7345 | The BEGIN regular expression in the awk script detector in magic/Magdi ... |
CVE-2013-7328 | Multiple integer signedness errors in the gdImageCrop function in ext/ ... |
CVE-2013-7327 | The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does ... |
CVE-2013-7226 | Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5 ... |
CVE-2013-6712 | The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ... |
CVE-2013-6420 | The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP befor ... |
CVE-2013-4636 | The mget function in libmagic/softmagic.c in the Fileinfo component in ... |
CVE-2013-4635 | Integer overflow in the SdnToJewish function in jewish.c in the Calend ... |
CVE-2013-4248 | The openssl_x509_parse function in openssl.c in the OpenSSL module in ... |
CVE-2013-4113 | ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing ... |
CVE-2013-2110 | Heap-based buffer overflow in the php_quot_print_encode function in ex ... |
CVE-2013-1824 | The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows re ... |
CVE-2013-1643 | The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows re ... |
CVE-2013-1635 | ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not ... |
CVE-2012-6113 | The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 thr ... |
CVE-2012-5381 | Untrusted search path vulnerability in the installation functionality ... |
CVE-2012-4388 | The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4 ... |
CVE-2012-3450 | pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x ... |
CVE-2012-2688 | Unspecified vulnerability in the _php_stream_scandir function in the s ... |
CVE-2012-2386 | Integer overflow in the phar_parse_tarfile function in tar.c in the ph ... |
CVE-2012-2376 | Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and ea ... |
CVE-2012-2336 | sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ... |
CVE-2012-2329 | Buffer overflow in the apache_request_headers function in sapi/cgi/cgi ... |
CVE-2012-2317 | The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in th ... |
CVE-2012-2311 | sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ... |
CVE-2012-2143 | The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-REL ... |
CVE-2012-1823 | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when ... |
CVE-2012-1172 | The file-upload implementation in rfc1867.c in PHP before 5.4.0 does n ... |
CVE-2012-0831 | PHP before 5.3.10 does not properly perform a temporary change to the ... |
CVE-2012-0830 | The php_register_variable_ex function in php_variables.c in PHP 5.3.9 ... |
CVE-2012-0789 | Memory leak in the timezone functionality in PHP before 5.3.9 allows r ... |
CVE-2012-0788 | The PDORow implementation in PHP before 5.3.9 does not properly intera ... |
CVE-2012-0781 | The tidy_diagnose function in PHP 5.3.8 might allow remote attackers t ... |
CVE-2012-0057 | PHP before 5.3.9 has improper libxslt security settings, which allows ... |
CVE-2011-4885 | PHP before 5.3.9 computes hash values for form parameters without rest ... |
CVE-2011-4718 | Session fixation vulnerability in the Sessions subsystem in PHP before ... |
CVE-2011-4566 | Integer overflow in the exif_process_IFD_TAG function in exif.c in the ... |
CVE-2011-4153 | PHP 5.3.8 does not always check the return value of the zend_strndup f ... |
CVE-2011-3379 | The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __auto ... |
CVE-2011-3268 | Buffer overflow in the crypt function in PHP before 5.3.7 allows conte ... |
CVE-2011-3267 | PHP before 5.3.7 does not properly implement the error_log function, w ... |
CVE-2011-3189 | The crypt function in PHP 5.3.7, when the MD5 hash type is used, retur ... |
CVE-2011-3182 | PHP before 5.3.7 does not properly check the return values of the mall ... |
CVE-2011-2483 | crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain plat ... |
CVE-2011-2202 | The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3. ... |
CVE-2011-1938 | Stack-based buffer overflow in the socket_connect function in ext/sock ... |
CVE-2011-1657 | The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions i ... |
CVE-2011-1471 | Integer signedness error in zip_stream.c in the Zip extension in PHP b ... |
CVE-2011-1470 | The Zip extension in PHP before 5.3.6 allows context-dependent attacke ... |
CVE-2011-1469 | Unspecified vulnerability in the Streams component in PHP before 5.3.6 ... |
CVE-2011-1468 | Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 mig ... |
CVE-2011-1467 | Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfm ... |
CVE-2011-1466 | Integer overflow in the SdnToJulian function in the Calendar extension ... |
CVE-2011-1464 | Buffer overflow in the strval function in PHP before 5.3.6, when the p ... |
CVE-2011-1398 | The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5. ... |
CVE-2011-1153 | Multiple format string vulnerabilities in phar_object.c in the phar ex ... |
CVE-2011-1148 | Use-after-free vulnerability in the substr_replace function in PHP 5.3 ... |
CVE-2011-1144 | The installer in PEAR 1.9.2 and earlier allows local users to overwrit ... |
CVE-2011-1092 | Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows conte ... |
CVE-2011-1072 | The installer in PEAR before 1.9.2 allows local users to overwrite arb ... |
CVE-2011-0755 | Integer overflow in the mt_rand function in PHP before 5.3.4 might mak ... |
CVE-2011-0754 | The SplFileInfo::getType function in the Standard PHP Library (SPL) ex ... |
CVE-2011-0753 | Race condition in the PCNTL extension in PHP before 5.3.4, when a user ... |
CVE-2011-0752 | The extract function in PHP before 5.2.15 does not prevent use of the ... |
CVE-2011-0708 | exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms p ... |
CVE-2011-0441 | The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows lo ... |
CVE-2011-0421 | The _zip_name_locate function in zip_name_locate.c in the Zip extensio ... |
CVE-2011-0420 | The grapheme_extract function in the Internationalization extension (I ... |
CVE-2010-4700 | The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ... |
CVE-2010-4699 | The iconv_mime_decode_headers function in the Iconv extension in PHP b ... |
CVE-2010-4698 | Stack-based buffer overflow in the GD extension in PHP before 5.2.15 a ... |
CVE-2010-4697 | Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 a ... |
CVE-2010-4657 | PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlText ... |
CVE-2010-4645 | strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 ... |
CVE-2010-4409 | Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_sym ... |
CVE-2010-4156 | The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through ... |
CVE-2010-4150 | Double free vulnerability in the imap_do_open function in the IMAP ext ... |
CVE-2010-3870 | The utf8_decode function in PHP before 5.3.4 does not properly handle ... |
CVE-2010-3710 | Stack consumption vulnerability in the filter_var function in PHP 5.2. ... |
CVE-2010-3709 | The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ... |
CVE-2010-3436 | fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attacke ... |
CVE-2010-3065 | The default session serializer in PHP 5.2 through 5.2.13 and 5.3 throu ... |
CVE-2010-2950 | Format string vulnerability in stream.c in the phar extension in PHP 5 ... |
CVE-2010-2531 | The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 ... |
CVE-2010-2484 | The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent ... |
CVE-2010-2225 | Use-after-free vulnerability in the SplObjectStorage unserializer in P ... |
CVE-2010-2191 | The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; ... |
CVE-2010-2094 | Multiple format string vulnerabilities in the phar extension in PHP 5. ... |
CVE-2010-2093 | Use-after-free vulnerability in the request shutdown functionality in ... |
CVE-2010-1917 | Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 thro ... |
CVE-2010-1866 | The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chu ... |
CVE-2010-1864 | The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3 ... |
CVE-2010-1860 | The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 thro ... |
CVE-2010-1130 | session.c in the session extension in PHP before 5.2.13, and 5.3.1, do ... |
CVE-2010-1129 | The safe_mode implementation in PHP before 5.2.13 does not properly ha ... |
CVE-2010-1128 | The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ... |
CVE-2010-0397 | The xmlrpc extension in PHP 5.3.1 does not properly handle a missing m ... |
CVE-2009-5016 | Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in P ... |
CVE-2009-4143 | PHP before 5.2.12 does not properly handle session data, which has uns ... |
CVE-2009-4142 | The htmlspecialchars function in PHP before 5.2.12 does not properly h ... |
CVE-2009-4018 | The proc_open function in ext/standard/proc_open.c in PHP before 5.2.1 ... |
CVE-2009-4017 | PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number ... |
CVE-2009-3558 | The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 an ... |
CVE-2009-3557 | The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5 ... |
CVE-2009-3546 | The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5. ... |
CVE-2009-3294 | The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5 ... |
CVE-2009-3293 | Unspecified vulnerability in the imagecolortransparent function in PHP ... |
CVE-2009-3292 | Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1 ... |
CVE-2009-3291 | The php_openssl_apply_verification_policy function in PHP before 5.2.1 ... |
CVE-2009-2687 | The exif_read_data function in the Exif module in PHP before 5.2.10 al ... |
CVE-2009-2626 | The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2 ... |
CVE-2009-1272 | The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x befo ... |
CVE-2009-1271 | The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before ... |
CVE-2009-0754 | PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows l ... |
CVE-2008-7068 | The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ... |
CVE-2008-5844 | PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functi ... |
CVE-2008-5814 | Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ea ... |
CVE-2008-5658 | Directory traversal vulnerability in the ZipArchive::extractTo functio ... |
CVE-2008-5624 | PHP 5 before 5.2.7 does not properly initialize the page_uid and page_ ... |
CVE-2008-5557 | Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_ht ... |
CVE-2008-5498 | Array index error in the imageRotate function in PHP 5.2.8 and earlier ... |
CVE-2008-3660 | PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI ... |
CVE-2008-3659 | Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and ... |
CVE-2008-3658 | Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4. ... |
CVE-2008-2829 | php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ... |
CVE-2008-2665 | Directory traversal vulnerability in the posix_access function in PHP ... |
CVE-2008-2108 | The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ... |
CVE-2008-2107 | The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ... |
CVE-2008-2051 | The escapeshellcmd API function in PHP before 5.2.6 has unknown impact ... |
CVE-2008-2050 | Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP bef ... |
CVE-2008-1384 | Integer overflow in PHP 5.2.5 and earlier allows context-dependent att ... |
CVE-2008-0674 | Buffer overflow in PCRE before 7.6 allows remote attackers to execute ... |
CVE-2008-0599 | The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5. ... |
CVE-2007-6039 | PHP 5.2.5 and earlier allows context-dependent attackers to cause a de ... |
CVE-2007-5899 | The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ... |
CVE-2007-5898 | The (1) htmlentities and (2) htmlspecialchars functions in PHP before ... |
CVE-2007-5653 | The Component Object Model (COM) functions in PHP 5.x on Windows do no ... |
CVE-2007-4887 | The dl function in PHP 5.2.4 and earlier allows context-dependent atta ... |
CVE-2007-4850 | curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5. ... |
CVE-2007-4825 | Directory traversal vulnerability in PHP 5.2.4 and earlier allows atta ... |
CVE-2007-4784 | The setlocale function in PHP before 5.2.4 allows context-dependent at ... |
CVE-2007-4783 | The iconv_substr function in PHP 5.2.4 and earlier allows context-depe ... |
CVE-2007-4782 | PHP before 5.2.3 allows context-dependent attackers to cause a denial ... |
CVE-2007-4670 | Unspecified vulnerability in PHP before 5.2.4 has unknown impact and a ... |
CVE-2007-4663 | Directory traversal vulnerability in PHP before 5.2.4 allows attackers ... |
CVE-2007-4662 | Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2 ... |
CVE-2007-4661 | The chunk_split function in string.c in PHP 5.2.3 does not properly ca ... |
CVE-2007-4660 | Unspecified vulnerability in the chunk_split function in PHP before 5. ... |
CVE-2007-4659 | The zend_alter_ini_entry function in PHP before 5.2.4 does not properl ... |
CVE-2007-4658 | The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4. ... |
CVE-2007-4657 | Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2 ... |
CVE-2007-4652 | The session extension in PHP before 5.2.4 might allow local users to b ... |
CVE-2007-4441 | Buffer overflow in php_win32std.dll in the win32std extension for PHP ... |
CVE-2007-4010 | The win32std extension in PHP 5.2.3 does not follow safe_mode and disa ... |
CVE-2007-3998 | The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, d ... |
CVE-2007-3997 | The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ... |
CVE-2007-3806 | The glob function in PHP 5.2.3 allows context-dependent attackers to c ... |
CVE-2007-3799 | The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5 ... |
CVE-2007-3790 | The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allo ... |
CVE-2007-3378 | The (1) session_save_path, (2) ini_set, and (3) error_log functions in ... |
CVE-2007-3007 | PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode rest ... |
CVE-2007-2872 | Multiple integer overflows in the chunk_split function in PHP 5 before ... |
CVE-2007-2844 | PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, ... |
CVE-2007-2748 | The substr_count function in PHP 5.2.1 and earlier allows context-depe ... |
CVE-2007-2728 | The soap extension in PHP calls php_rand_r with an uninitialized seed ... |
CVE-2007-2727 | The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4 ... |
CVE-2007-2519 | Directory traversal vulnerability in the installer in PEAR 1.0 through ... |
CVE-2007-2511 | Buffer overflow in the user_filter_factory_create function in PHP befo ... |
CVE-2007-2510 | Buffer overflow in the make_http_soap_request function in PHP before 5 ... |
CVE-2007-2509 | CRLF injection vulnerability in the ftp_putcmd function in PHP before ... |
CVE-2007-1900 | CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ex ... |
CVE-2007-1889 | Integer signedness error in the _zend_mm_alloc_int function in the Zen ... |
CVE-2007-1887 | Buffer overflow in the sqlite_decode_binary function in the bundled sq ... |
CVE-2007-1864 | Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ... |
CVE-2007-1824 | Buffer overflow in the php_stream_filter_create function in PHP 5 befo ... |
CVE-2007-1777 | Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ... |
CVE-2007-1718 | CRLF injection vulnerability in the mail function in PHP 4.0.0 through ... |
CVE-2007-1717 | The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 t ... |
CVE-2007-1711 | Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 a ... |
CVE-2007-1701 | PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is e ... |
CVE-2007-1700 | The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, c ... |
CVE-2007-1649 | PHP 5.2.1 allows context-dependent attackers to read portions of heap ... |
CVE-2007-1583 | The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ... |
CVE-2007-1522 | Double free vulnerability in the session extension in PHP 5.2.0 and 5. ... |
CVE-2007-1521 | Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, a ... |
CVE-2007-1484 | The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ... |
CVE-2007-1461 | The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ... |
CVE-2007-1460 | The zip:// URL wrapper provided by the PECL zip extension in PHP befor ... |
CVE-2007-1454 | ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the ... |
CVE-2007-1453 | Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ... |
CVE-2007-1452 | The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ... |
CVE-2007-1412 | The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 al ... |
CVE-2007-1411 | Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versio ... |
CVE-2007-1399 | Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8. ... |
CVE-2007-1396 | The import_request_variables function in PHP 4.0.7 through 4.4.6, and ... |
CVE-2007-1381 | The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10 ... |
CVE-2007-1380 | The php_binary serialization handler in the session extension in PHP b ... |
CVE-2007-1376 | The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x s ... |
CVE-2007-1375 | Integer overflow in the substr_compare function in PHP 5.2.1 and earli ... |
CVE-2007-1286 | Integer overflow in PHP 4.4.4 and earlier allows remote context-depend ... |
CVE-2007-1285 | The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ... |
CVE-2007-0988 | The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4 ... |
CVE-2007-0911 | Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ... |
CVE-2007-0910 | Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clo ... |
CVE-2007-0909 | Multiple format string vulnerabilities in PHP before 5.2.1 might allow ... |
CVE-2007-0908 | The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ... |
CVE-2007-0907 | Buffer underflow in PHP before 5.2.1 allows attackers to cause a denia ... |
CVE-2007-0906 | Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ... |
CVE-2007-0905 | PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ... |
CVE-2006-7243 | PHP before 5.3.4 accepts the \0 character in a pathname, which might a ... |
CVE-2006-5706 | Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ... |
CVE-2006-5465 | Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ... |
CVE-2006-5178 | Race condition in the symlink function in PHP 5.1.6 and earlier allows ... |
CVE-2006-4812 | Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ... |
CVE-2006-4625 | PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ... |
CVE-2006-4486 | Integer overflow in memory allocation routines in PHP before 5.1.6, wh ... |
CVE-2006-4485 | The stripos function in PHP before 5.1.5 has unknown impact and attack ... |
CVE-2006-4483 | The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/str ... |
CVE-2006-4482 | Multiple heap-based buffer overflows in the (1) str_repeat and (2) wor ... |
CVE-2006-4481 | The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ... |
CVE-2006-4433 | PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ... |
CVE-2006-4020 | scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows contex ... |
CVE-2006-3018 | Unspecified vulnerability in the session extension functionality in PH ... |
CVE-2006-3017 | zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x ... |
CVE-2006-3016 | Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ... |
CVE-2006-3011 | The error_log function in basic_functions.c in PHP before 4.4.4 and 5. ... |
CVE-2006-2660 | Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 ... |
CVE-2006-2563 | The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ... |
CVE-2006-1991 | The substr_compare function in string.c in PHP 5.1.2 allows context-de ... |
CVE-2006-1990 | Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ... |
CVE-2006-1608 | The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ... |
CVE-2006-1549 | PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ... |
CVE-2006-1494 | Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 all ... |
CVE-2006-1490 | PHP before 5.1.3-RC1 might allow remote attackers to obtain portions o ... |
CVE-2006-1015 | Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x appl ... |
CVE-2006-1014 | Argument injection vulnerability in certain PHP 4.x and 5.x applicatio ... |
CVE-2006-0996 | Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5. ... |
CVE-2006-0208 | Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5 ... |
CVE-2006-0207 | Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow re ... |
CVE-2006-0200 | Format string vulnerability in the error-reporting feature in the mysq ... |
CVE-2006-0097 | Stack-based buffer overflow in the create_named_pipe function in libmy ... |
CVE-2005-4154 | Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows u ... |
CVE-2005-3883 | CRLF injection vulnerability in the mb_send_mail function in PHP befor ... |
CVE-2005-3392 | Unspecified vulnerability in PHP before 4.4.1, when using the virtual ... |
CVE-2005-3391 | Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ... |
CVE-2005-3390 | The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5 ... |
CVE-2005-3389 | The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, whe ... |
CVE-2005-3388 | Cross-site scripting (XSS) vulnerability in the phpinfo function in PH ... |
CVE-2005-3353 | The exif_read_data function in the Exif module in PHP before 4.4.1 all ... |
CVE-2005-3319 | The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php ... |
CVE-2005-3054 | fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not p ... |
CVE-2005-2498 | Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML- ... |
CVE-2002-1954 | Cross-site scripting (XSS) vulnerability in the phpinfo function in PH ... |