Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.
CVSS Score
6.8
EPSS Score
0.754
Published
2007-03-06
The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.
CVSS Score
4.3
EPSS Score
0.018
Published
2007-02-20
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.
CVSS Score
5.0
EPSS Score
0.108
Published
2007-02-13
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.
CVSS Score
10.0
EPSS Score
0.063
Published
2007-02-13
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494.
CVSS Score
7.2
EPSS Score
0.0
Published
2006-11-04
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
CVSS Score
7.5
EPSS Score
0.235
Published
2006-11-04
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.
CVSS Score
6.2
EPSS Score
0.001
Published
2006-10-10
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.
CVSS Score
9.3
EPSS Score
0.055
Published
2006-08-31
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.
CVSS Score
9.3
EPSS Score
0.013
Published
2006-08-31
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
CVSS Score
4.6
EPSS Score
0.005
Published
2006-06-26