PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access.
Max CVSS: 9.3 | EPSS Score: 3.05% | Published: 2007-05-24 | Updated: 2018-10-30
Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.
Max CVSS: 7.2 | EPSS Score: 0.08% | Published: 2007-05-09 | Updated: 2018-10-30
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.
Max CVSS: 7.5 | EPSS Score: 0.81% | Published: 2007-05-09 | Updated: 2019-05-22
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.
Max CVSS: 10.0 | EPSS Score: 1.13% | Published: 2007-05-24 | Updated: 2008-09-11
4 vulnerabilities found