Shodan
Vulnerabilities
Vulnerable Software
Php:  >> Php  >> 5.2.14  Security Vulnerabilities
CVE-2010-3436
fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.
CVSS Score
5.0
EPSS Score
0.036
Published
2010-11-09
CVE-2010-3709
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.
CVSS Score
4.3
EPSS Score
0.061
Published
2010-11-09
CVE-2010-3710
Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.
CVSS Score
4.3
EPSS Score
0.037
Published
2010-10-25
CVE-2009-4418
The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.
CVSS Score
5.0
EPSS Score
0.004
Published
2009-12-24
CVE-2007-4658
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
CVSS Score
7.5
EPSS Score
0.022
Published
2007-09-04
CVE-2007-3799
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.
CVSS Score
4.3
EPSS Score
0.095
Published
2007-07-16
CVE-2007-3205
The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.
CVSS Score
5.0
EPSS Score
0.02
Published
2007-06-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved