Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
Max CVSS
7.5
EPSS Score
49.18%
Published
2006-11-04
Updated
2018-10-30
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).
Max CVSS
10.0
EPSS Score
57.96%
Published
2006-10-10
Updated
2018-10-30
2 vulnerabilities found