Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
Max CVSS
7.5
EPSS Score
49.18%
Published
2006-11-04
Updated
2018-10-30
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).
Max CVSS
10.0
EPSS Score
57.96%
Published
2006-10-10
Updated
2018-10-30
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.
Max CVSS
4.6
EPSS Score
0.18%
Published
2006-08-08
Updated
2018-10-30
3 vulnerabilities found