| Bug | Description |
|---|---|
| CVE-2006-0931 | Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ... |
| CVE-2006-4023 | The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ... |
| CVE-2006-6383 | PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ... |
| CVE-2006-7205 | The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ... |
| CVE-2007-0448 | The fopen function in PHP 5.2.0 does not properly handle invalid URI ... |
| CVE-2007-1413 | Buffer overflow in the snmpget function in the snmp extension in PHP ... |
| CVE-2007-1581 | The resource system in PHP 5.0.0 through 5.2.1 allows ... |
| CVE-2007-1582 | The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ... |
| CVE-2007-1710 | The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ... |
| CVE-2007-1835 | PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ... |
| CVE-2007-1883 | PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ... |
| CVE-2007-1890 | Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ... |
| CVE-2007-3205 | The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, ... |
| CVE-2007-3294 | Multiple buffer overflows in libtidy, as used in the Tidy extension ... |
| CVE-2007-4255 | Buffer overflow in the mSQL extension in PHP 5.2.3 allows ... |
| CVE-2007-4596 | The perl extension in PHP does not follow safe_mode restrictions, ... |
| CVE-2007-4889 | The MySQL extension in PHP 5.2.4 and earlier allows remote attackers ... |
| CVE-2007-5424 | The disable_functions feature in PHP 4 and 5 allows attackers to ... |
| CVE-2008-2666 | Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ... |
| CVE-2008-4107 | The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ... |
| CVE-2008-5625 | PHP 5 before 5.2.7 does not enforce the error_log safe_mode ... |
| CVE-2008-7002 | PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ... |
| CVE-2009-3559 | ** DISPUTED ** ... |
| CVE-2009-4418 | The unserialize function in PHP 5.3.0 and earlier allows ... |
| CVE-2010-1861 | The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ... |
| CVE-2010-1862 | The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ... |
| CVE-2010-1868 | The (1) sqlite_single_query and (2) sqlite_array_query functions in ... |
| CVE-2010-1914 | The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ... |
| CVE-2010-1915 | The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through ... |
| CVE-2010-2097 | The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ... |
| CVE-2010-2100 | The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) ... |
| CVE-2010-2101 | The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) ... |
| CVE-2010-2190 | The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions ... |
| CVE-2010-3062 | mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through ... |
| CVE-2010-3063 | The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ... |
| CVE-2010-3064 | Stack-based buffer overflow in the php_mysqlnd_auth_write function in ... |
| CVE-2010-4697 | Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 ... |
| CVE-2010-4699 | The iconv_mime_decode_headers function in the Iconv extension in PHP ... |
| CVE-2011-0420 | The grapheme_extract function in the Internationalization extension ... |
| CVE-2011-0753 | Race condition in the PCNTL extension in PHP before 5.3.4, when a ... |
| CVE-2011-0755 | Integer overflow in the mt_rand function in PHP before 5.3.4 might ... |
| CVE-2011-1092 | Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows ... |
| CVE-2011-1148 | Use-after-free vulnerability in the substr_replace function in PHP ... |
| CVE-2011-1464 | Buffer overflow in the strval function in PHP before 5.3.6, when the ... |
| CVE-2011-1467 | Unspecified vulnerability in the NumberFormatter::setSymbol (aka ... |
| CVE-2011-1468 | Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 ... |
| CVE-2011-1469 | Unspecified vulnerability in the Streams component in PHP before 5.3.6 ... |
| CVE-2011-1470 | The Zip extension in PHP before 5.3.6 allows context-dependent ... |
| CVE-2011-1657 | The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions ... |
| CVE-2011-3182 | PHP before 5.3.7 does not properly check the return values of the ... |
| CVE-2012-0789 | Memory leak in the timezone functionality in PHP before 5.3.9 allows ... |
| CVE-2012-1171 | safemode bypass after RSHUTDOWN |
| CVE-2012-2336 | sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ... |
| TEMP-0000000-A7D1F4 | PHP 5.2.9 curl safe_mode & open_basedir bypass |

| Bug | Description |
|---|---|
| CVE-2002-1954 | Cross-site scripting (XSS) vulnerability in the phpinfo function in ... |
| CVE-2005-2498 | Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ... |
| CVE-2005-3054 | fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ... |
| CVE-2005-3319 | The apache2handler SAPI (sapi_apache2.c) in the Apache module ... |
| CVE-2005-3353 | The exif_read_data function in the Exif module in PHP before 4.4.1 ... |
| CVE-2005-3388 | Cross-site scripting (XSS) vulnerability in the phpinfo function in ... |
| CVE-2005-3389 | The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ... |
| CVE-2005-3390 | The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ... |
| CVE-2005-3391 | Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ... |
| CVE-2005-3392 | Unspecified vulnerability in PHP before 4.4.1, when using the virtual ... |
| CVE-2005-3883 | CRLF injection vulnerability in the mb_send_mail function in PHP ... |
| CVE-2005-4154 | Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows ... |
| CVE-2006-0097 | Stack-based buffer overflow in the create_named_pipe function in ... |
| CVE-2006-0200 | Format string vulnerability in the error-reporting feature in the ... |
| CVE-2006-0207 | Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ... |
| CVE-2006-0208 | Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and ... |
| CVE-2006-0996 | Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP ... |
| CVE-2006-1014 | Argument injection vulnerability in certain PHP 4.x and 5.x ... |
| CVE-2006-1015 | Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x ... |
| CVE-2006-1490 | PHP before 5.1.3-RC1 might allow remote attackers to obtain portions ... |
| CVE-2006-1494 | Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 ... |
| CVE-2006-1549 | PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ... |
| CVE-2006-1608 | The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ... |
| CVE-2006-1990 | Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ... |
| CVE-2006-1991 | The substr_compare function in string.c in PHP 5.1.2 allows ... |
| CVE-2006-2563 | The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ... |
| CVE-2006-2660 | Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 ... |
| CVE-2006-3011 | The error_log function in basic_functions.c in PHP before 4.4.4 and ... |
| CVE-2006-3016 | Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ... |
| CVE-2006-3017 | zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x ... |
| CVE-2006-3018 | Unspecified vulnerability in the session extension functionality in ... |
| CVE-2006-4020 | scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ... |
| CVE-2006-4433 | PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ... |
| CVE-2006-4481 | The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ... |
| CVE-2006-4482 | Multiple heap-based buffer overflows in the (1) str_repeat and (2) ... |
| CVE-2006-4483 | The cURL extension files (1) ext/curl/interface.c and (2) ... |
| CVE-2006-4485 | The stripos function in PHP before 5.1.5 has unknown impact and attack ... |
| CVE-2006-4486 | Integer overflow in memory allocation routines in PHP before 5.1.6, ... |
| CVE-2006-4625 | PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ... |
| CVE-2006-4812 | Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ... |
| CVE-2006-5178 | Race condition in the symlink function in PHP 5.1.6 and earlier allows ... |
| CVE-2006-5465 | Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ... |
| CVE-2006-5706 | Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ... |
| CVE-2006-7243 | PHP before 5.3.4 accepts the \0 character in a pathname, which might ... |
| CVE-2007-0905 | PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ... |
| CVE-2007-0906 | Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ... |
| CVE-2007-0907 | Buffer underflow in PHP before 5.2.1 allows attackers to cause a ... |
| CVE-2007-0908 | The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ... |
| CVE-2007-0909 | Multiple format string vulnerabilities in PHP before 5.2.1 might allow ... |
| CVE-2007-0910 | Unspecified vulnerability in PHP before 5.2.1 allows attackers to ... |
| CVE-2007-0911 | Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ... |
| CVE-2007-0988 | The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before ... |
| CVE-2007-1285 | The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ... |
| CVE-2007-1286 | Integer overflow in PHP 4.4.4 and earlier allows remote ... |
| CVE-2007-1375 | Integer overflow in the substr_compare function in PHP 5.2.1 and ... |
| CVE-2007-1376 | The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x ... |
| CVE-2007-1380 | The php_binary serialization handler in the session extension in PHP ... |
| CVE-2007-1381 | The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and ... |
| CVE-2007-1396 | The import_request_variables function in PHP 4.0.7 through 4.4.6, and ... |
| CVE-2007-1399 | Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP ... |
| CVE-2007-1411 | Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 ... |
| CVE-2007-1412 | The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 ... |
| CVE-2007-1452 | The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ... |
| CVE-2007-1453 | Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ... |
| CVE-2007-1454 | ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the ... |
| CVE-2007-1460 | The zip:// URL wrapper provided by the PECL zip extension in PHP ... |
| CVE-2007-1461 | The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ... |
| CVE-2007-1484 | The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ... |
| CVE-2007-1521 | Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, ... |
| CVE-2007-1522 | Double free vulnerability in the session extension in PHP 5.2.0 and ... |
| CVE-2007-1583 | The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ... |
| CVE-2007-1649 | PHP 5.2.1 allows context-dependent attackers to read portions of heap ... |
| CVE-2007-1700 | The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, ... |
| CVE-2007-1701 | PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is ... |
| CVE-2007-1711 | Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 ... |
| CVE-2007-1717 | The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ... |
| CVE-2007-1718 | CRLF injection vulnerability in the mail function in PHP 4.0.0 through ... |
| CVE-2007-1777 | Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ... |
| CVE-2007-1824 | Buffer overflow in the php_stream_filter_create function in PHP 5 ... |
| CVE-2007-1864 | Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ... |
| CVE-2007-1887 | Buffer overflow in the sqlite_decode_binary function in the bundled ... |
| CVE-2007-1889 | Integer signedness error in the _zend_mm_alloc_int function in the ... |
| CVE-2007-1900 | CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ... |
| CVE-2007-2509 | CRLF injection vulnerability in the ftp_putcmd function in PHP before ... |
| CVE-2007-2510 | Buffer overflow in the make_http_soap_request function in PHP before ... |
| CVE-2007-2511 | Buffer overflow in the user_filter_factory_create function in PHP ... |
| CVE-2007-2519 | Directory traversal vulnerability in the installer in PEAR 1.0 through ... |
| CVE-2007-2727 | The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before ... |
| CVE-2007-2728 | The soap extension in PHP calls php_rand_r with an uninitialized seed ... |
| CVE-2007-2748 | The substr_count function in PHP 5.2.1 and earlier allows ... |
| CVE-2007-2844 | PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, ... |
| CVE-2007-2872 | Multiple integer overflows in the chunk_split function in PHP 5 before ... |
| CVE-2007-3007 | PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode ... |
| CVE-2007-3378 | The (1) session_save_path, (2) ini_set, and (3) error_log functions in ... |
| CVE-2007-3790 | The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 ... |
| CVE-2007-3799 | The session_start function in ext/session in PHP 4.x up to 4.4.7 and ... |
| CVE-2007-3806 | The glob function in PHP 5.2.3 allows context-dependent attackers to ... |
| CVE-2007-3997 | The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ... |
| CVE-2007-3998 | The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, ... |
| CVE-2007-4010 | The win32std extension in PHP 5.2.3 does not follow safe_mode and ... |
| CVE-2007-4441 | Buffer overflow in php_win32std.dll in the win32std extension for PHP ... |
| CVE-2007-4652 | The session extension in PHP before 5.2.4 might allow local users to ... |
| CVE-2007-4657 | Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ... |
| CVE-2007-4658 | The money_format function in PHP 5 before 5.2.4, and PHP 4 before ... |
| CVE-2007-4659 | The zend_alter_ini_entry function in PHP before 5.2.4 does not ... |
| CVE-2007-4660 | Unspecified vulnerability in the chunk_split function in PHP before ... |
| CVE-2007-4661 | The chunk_split function in string.c in PHP 5.2.3 does not properly ... |
| CVE-2007-4662 | Buffer overflow in the php_openssl_make_REQ function in PHP before ... |
| CVE-2007-4663 | Directory traversal vulnerability in PHP before 5.2.4 allows attackers ... |
| CVE-2007-4670 | Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ... |
| CVE-2007-4782 | PHP before 5.2.3 allows context-dependent attackers to cause a denial ... |
| CVE-2007-4783 | The iconv_substr function in PHP 5.2.4 and earlier allows ... |
| CVE-2007-4784 | The setlocale function in PHP before 5.2.4 allows context-dependent ... |
| CVE-2007-4825 | Directory traversal vulnerability in PHP 5.2.4 and earlier allows ... |
| CVE-2007-4850 | curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and ... |
| CVE-2007-4887 | The dl function in PHP 5.2.4 and earlier allows context-dependent ... |
| CVE-2007-5653 | The Component Object Model (COM) functions in PHP 5.x on Windows do ... |
| CVE-2007-5898 | The (1) htmlentities and (2) htmlspecialchars functions in PHP before ... |
| CVE-2007-5899 | The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ... |
| CVE-2007-6039 | PHP 5.2.5 and earlier allows context-dependent attackers to cause a ... |
| CVE-2008-0599 | The init_request_info function in sapi/cgi/cgi_main.c in PHP before ... |
| CVE-2008-0674 | Buffer overflow in PCRE before 7.6 allows remote attackers to execute ... |
| CVE-2008-1384 | Integer overflow in PHP 5.2.5 and earlier allows context-dependent ... |
| CVE-2008-2050 | Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP ... |
| CVE-2008-2051 | The escapeshellcmd API function in PHP before 5.2.6 has unknown impact ... |
| CVE-2008-2107 | The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ... |
| CVE-2008-2108 | The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ... |
| CVE-2008-2665 | Directory traversal vulnerability in the posix_access function in PHP ... |
| CVE-2008-2829 | php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ... |
| CVE-2008-3658 | Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP ... |
| CVE-2008-3659 | Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and ... |
| CVE-2008-3660 | PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI ... |
| CVE-2008-5498 | Array index error in the imageRotate function in PHP 5.2.8 and earlier ... |
| CVE-2008-5557 | Heap-based buffer overflow in ... |
| CVE-2008-5624 | PHP 5 before 5.2.7 does not properly initialize the page_uid and ... |
| CVE-2008-5658 | Directory traversal vulnerability in the ZipArchive::extractTo ... |
| CVE-2008-5814 | Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ... |
| CVE-2008-5844 | PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW ... |
| CVE-2008-7068 | The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ... |
| CVE-2009-0754 | PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows ... |
| CVE-2009-1271 | The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before ... |
| CVE-2009-1272 | The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ... |
| CVE-2009-2626 | The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, ... |
| CVE-2009-2687 | The exif_read_data function in the Exif module in PHP before 5.2.10 ... |
| CVE-2009-3291 | The php_openssl_apply_verification_policy function in PHP before ... |
| CVE-2009-3292 | Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before ... |
| CVE-2009-3293 | Unspecified vulnerability in the imagecolortransparent function in PHP ... |
| CVE-2009-3294 | The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and ... |
| CVE-2009-3546 | The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before ... |
| CVE-2009-3557 | The tempnam function in ext/standard/file.c in PHP before 5.2.12 and ... |
| CVE-2009-3558 | The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 ... |
| CVE-2009-4017 | PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number ... |
| CVE-2009-4018 | The proc_open function in ext/standard/proc_open.c in PHP before ... |
| CVE-2009-4142 | The htmlspecialchars function in PHP before 5.2.12 does not properly ... |
| CVE-2009-4143 | PHP before 5.2.12 does not properly handle session data, which has ... |
| CVE-2009-5016 | Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in ... |
| CVE-2010-0397 | The xmlrpc extension in PHP 5.3.1 does not properly handle a missing ... |
| CVE-2010-1128 | The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ... |
| CVE-2010-1129 | The safe_mode implementation in PHP before 5.2.13 does not properly ... |
| CVE-2010-1130 | session.c in the session extension in PHP before 5.2.13, and 5.3.1, ... |
| CVE-2010-1860 | The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 ... |
| CVE-2010-1864 | The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through ... |
| CVE-2010-1866 | The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ... |
| CVE-2010-1917 | Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 ... |
| CVE-2010-2093 | Use-after-free vulnerability in the request shutdown functionality in ... |
| CVE-2010-2094 | Multiple format string vulnerabilities in the phar extension in PHP ... |
| CVE-2010-2191 | The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; ... |
| CVE-2010-2225 | Use-after-free vulnerability in the SplObjectStorage unserializer in ... |
| CVE-2010-2484 | The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent ... |
| CVE-2010-2531 | The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 ... |
| CVE-2010-2950 | Format string vulnerability in stream.c in the phar extension in PHP ... |
| CVE-2010-3065 | The default session serializer in PHP 5.2 through 5.2.13 and 5.3 ... |
| CVE-2010-3436 | fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote ... |
| CVE-2010-3709 | The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ... |
| CVE-2010-3710 | Stack consumption vulnerability in the filter_var function in PHP ... |
| CVE-2010-3870 | The utf8_decode function in PHP before 5.3.4 does not properly handle ... |
| CVE-2010-4150 | Double free vulnerability in the imap_do_open function in the IMAP ... |
| CVE-2010-4156 | The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through ... |
| CVE-2010-4409 | Integer overflow in the NumberFormatter::getSymbol (aka ... |
| CVE-2010-4645 | strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 ... |
| CVE-2010-4698 | Stack-based buffer overflow in the GD extension in PHP before 5.2.15 ... |
| CVE-2010-4700 | The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ... |
| CVE-2011-0421 | The _zip_name_locate function in zip_name_locate.c in the Zip ... |
| CVE-2011-0441 | The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows ... |
| CVE-2011-0708 | exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms ... |
| CVE-2011-0752 | The extract function in PHP before 5.2.15 does not prevent use of the ... |
| CVE-2011-0754 | The SplFileInfo::getType function in the Standard PHP Library (SPL) ... |
| CVE-2011-1072 | The installer in PEAR before 1.9.2 allows local users to overwrite ... |
| CVE-2011-1144 | The installer in PEAR 1.9.2 and earlier allows local users to ... |
| CVE-2011-1153 | Multiple format string vulnerabilities in phar_object.c in the phar ... |
| CVE-2011-1466 | Integer overflow in the SdnToJulian function in the Calendar extension ... |
| CVE-2011-1471 | Integer signedness error in zip_stream.c in the Zip extension in PHP ... |
| CVE-2011-1938 | Stack-based buffer overflow in the socket_connect function in ... |
| CVE-2011-2202 | The rfc1867_post_handler function in main/rfc1867.c in PHP before ... |
| CVE-2011-2483 | crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain ... |
| CVE-2011-3189 | The crypt function in PHP 5.3.7, when the MD5 hash type is used, ... |
| CVE-2011-3267 | PHP before 5.3.7 does not properly implement the error_log function, ... |
| CVE-2011-3268 | Buffer overflow in the crypt function in PHP before 5.3.7 allows ... |
| CVE-2011-3379 | The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the ... |
| CVE-2011-4153 | PHP 5.3.8 does not always check the return value of the zend_strndup ... |
| CVE-2011-4566 | Integer overflow in the exif_process_IFD_TAG function in exif.c in the ... |
| CVE-2011-4885 | PHP before 5.3.9 computes hash values for form parameters without ... |
| CVE-2012-0057 | PHP before 5.3.9 has improper libxslt security settings, which allows ... |
| CVE-2012-0781 | The tidy_diagnose function in PHP 5.3.8 might allow remote attackers ... |
| CVE-2012-0788 | The PDORow implementation in PHP before 5.3.9 does not properly ... |
| CVE-2012-0830 | The php_register_variable_ex function in php_variables.c in PHP 5.3.9 ... |
| CVE-2012-0831 | PHP before 5.3.10 does not properly perform a temporary change to the ... |
| CVE-2012-1172 | PHP 5.3.x Corrupted $_FILES indices lead to security concern |
| CVE-2012-2317 | php5 crypt() empty salt issue |
| TEMP-0000000-F647EF | Missing safemode checks in PHP's _php_image_output functions |
| TEMP-0540606-8877D9 | php5: 'open_basedir' bypass |