CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

PHP » PHP » 5.1.4 : Security Vulnerabilities

Cpe Name:cpe:/a:php:php:5.1.4
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2006-4485 2006-08-31 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read.
2 CVE-2006-4812 94 Exec Code Overflow 2006-10-10 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).
3 CVE-2007-0910 2007-02-13 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.
4 CVE-2008-0599 Exec Code 2008-05-05 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
5 CVE-2008-2050 119 Overflow 2008-05-05 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.
6 CVE-2008-2051 2008-05-05 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
7 CVE-2008-5557 119 Exec Code Overflow 2008-12-23 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.
8 CVE-2009-4143 2009-12-21 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
9 CVE-2011-3268 119 Overflow 2011-08-25 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.
10 CVE-2012-2376 119 1 Exec Code Overflow 2012-05-21 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
11 CVE-2012-2688 Overflow 2012-07-20 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."
12 CVE-2006-1017 2006-03-06 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions.
13 CVE-2006-4482 119 Overflow 2006-08-31 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.
14 CVE-2006-4483 2006-08-31 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.
15 CVE-2007-1581 94 Exec Code 2007-03-21 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected.
16 CVE-2007-2844 2007-05-24 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access.
17 CVE-2007-1461 264 2007-03-14 2011-07-13
7.8
None Remote Low Not required Complete None None
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories.
18 CVE-2007-1718 2007-03-27 2018-10-30
7.8
None Remote Low Not required None Complete None
CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.
19 CVE-2007-1883 2007-04-05 2018-10-30
7.8
None Remote Low Not required Complete None None
PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain convert_to_* functions with its input parameters.
20 CVE-2006-5465 Exec Code Overflow 2006-11-03 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
21 CVE-2007-0905 Bypass 2007-02-13 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.
22 CVE-2007-0906 119 DoS Exec Code Overflow 2007-02-13 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).
23 CVE-2007-0909 Exec Code 2007-02-13 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.
24 CVE-2007-1376 2007-03-09 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.
25 CVE-2007-1700 Exec Code 2007-03-26 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable.
26 CVE-2007-1825 Exec Code Overflow 2007-04-02 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3.
27 CVE-2007-1864 119 Overflow 2007-05-08 2019-05-22
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.
28 CVE-2007-1885 Exec Code Overflow 2007-04-05 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably the same issue as CVE-2007-0906.6.
29 CVE-2007-1887 Exec Code Overflow 2007-04-05 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.
30 CVE-2007-1888 Exec Code Overflow 2007-04-05 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.
31 CVE-2007-1890 Exec Code Overflow 2007-04-05 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff.
32 CVE-2007-3997 264 Bypass 2007-09-04 2018-10-26
7.5
None Remote Low Not required Partial Partial Partial
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
33 CVE-2007-4657 119 DoS Overflow +Info 2007-09-04 2018-10-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.
34 CVE-2007-4658 2007-09-04 2018-10-03
7.5
None Remote Low Not required Partial Partial Partial
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
35 CVE-2008-2107 189 Bypass 2008-05-07 2018-10-11
7.5
User Remote Low Not required Partial Partial Partial
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.
36 CVE-2008-2108 189 2008-05-07 2018-10-11
7.5
User Remote Low Not required Partial Partial Partial
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.
37 CVE-2008-5624 264 Bypass 2008-12-17 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting of /etc for the error_log variable.
38 CVE-2008-5625 264 2008-12-17 2018-10-11
7.5
User Remote Low Not required Partial Partial Partial
PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.
39 CVE-2008-5658 22 Dir. Trav. 2008-12-17 2018-10-11
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
40 CVE-2009-3291 20 2009-09-22 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.
41 CVE-2009-3292 2009-09-22 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
42 CVE-2009-3293 2009-09-22 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."
43 CVE-2009-4018 264 2009-11-29 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.
44 CVE-2011-1092 189 1 DoS Overflow 2011-03-15 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function.
45 CVE-2011-1153 134 DoS Exec Code Mem. Corr. +Info 2011-03-16 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.
46 CVE-2012-1823 20 Exec Code 2012-05-11 2018-01-17
7.5
None Remote Low Not required Partial Partial Partial
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
47 CVE-2012-2311 89 Exec Code Sql 2012-05-11 2018-01-17
7.5
None Remote Low Not required Partial Partial Partial
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
48 CVE-2012-2386 189 DoS Exec Code Overflow 2012-07-07 2012-09-21
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
49 CVE-2013-1635 264 Bypass 2013-03-06 2014-01-27
7.5
None Remote Low Not required Partial Partial Partial
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.
50 CVE-2014-9427 119 Exec Code Overflow +Info 2015-01-02 2016-12-30
7.5
None Remote Low Not required Partial Partial Partial
sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.
Total number of vulnerabilities : 154   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.