Information on source package php5

Available versions

ReleaseVersion
wheezy5.4.45-0+deb7u2
wheezy (security)5.4.45-0+deb7u5
jessie (security)5.6.24+dfsg-0+deb8u1
sid5.6.26+dfsg-1

Open issues

BugwheezyjessiesidDescription
TEMP-0800564-79703Bvulnerable (no DSA)vulnerable (no DSA)vulnerabletrivial hash complexity DoS attack
TEMP-0000000-F26C42vulnerable (no DSA)fixedfixedType confusion vulnerability in WDDX packet deserialization
TEMP-0000000-EA5272vulnerable (no DSA)fixedfixedNULL Pointer Dereference in phar_tar_setupmetadata()
TEMP-0000000-D591DCvulnerable (no DSA)fixedfixedInteger overflow in iptcembed()
TEMP-0000000-B391CAvulnerable (no DSA)fixedfixedexec functions ignore length but look for NULL termination
TEMP-0000000-A9D025vulnerable (no DSA)fixedfixedCrash on bad SOAP request
TEMP-0000000-35D7C1vulnerable (no DSA)fixedfixedOutput of stream_get_meta_data can be falsified by its input
CVE-2016-7418vulnerablevulnerablefixedThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before ...
CVE-2016-7417vulnerablevulnerablefixedext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 ...
CVE-2016-7416vulnerablevulnerablefixedext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x ...
CVE-2016-7414vulnerablevulnerablefixedThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x ...
CVE-2016-7413vulnerablevulnerablefixedUse-after-free vulnerability in the wddx_stack_destroy function in ...
CVE-2016-7412vulnerablevulnerablefixedext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before ...
CVE-2016-7411vulnerablevulnerablefixedext/standard/var_unserializer.re in PHP before 5.6.26 mishandles ...
CVE-2016-7132vulnerablevulnerablefixedext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows ...
CVE-2016-7131vulnerablevulnerablefixedext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows ...
CVE-2016-7130vulnerablevulnerablefixedThe php_wddx_pop_element function in ext/wddx/wddx.c in PHP before ...
CVE-2016-7129vulnerablevulnerablefixedThe php_wddx_process_data function in ext/wddx/wddx.c in PHP before ...
CVE-2016-7128vulnerablevulnerablefixedThe exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before ...
CVE-2016-7125vulnerablevulnerablefixedext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips ...
CVE-2016-7124vulnerablevulnerablefixedext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before ...
CVE-2016-5385vulnerablefixedfixedPHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 ...
CVE-2016-4342vulnerable (no DSA)fixedfixedext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and ...
CVE-2016-3142vulnerable (no DSA)fixedfixedThe phar_parse_zipfile function in zip.c in the PHAR extension in PHP ...
CVE-2016-3141vulnerable (no DSA)fixedfixedUse-after-free vulnerability in wddx.c in the WDDX extension in PHP ...
CVE-2016-2554vulnerable (no DSA)fixedfixedStack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, ...
CVE-2014-5459vulnerable (no DSA)vulnerable (no DSA)vulnerableThe PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows ...
CVE-2011-4718vulnerable (no DSA)fixedfixedSession fixation vulnerability in the Sessions subsystem in PHP before ...

Open unimportant issues

BugwheezyjessiesidDescription
CVE-2016-7127vulnerablevulnerablefixedThe imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and ...
CVE-2016-7126vulnerablevulnerablefixedThe imagetruecolortopalette function in ext/gd/gd.c in PHP before ...
CVE-2016-6207vulnerablefixedfixedInteger overflow in the _gdContributionsAlloc function in ...
CVE-2016-6128fixedvulnerablevulnerableThe gdImageCropThreshold function in gd_crop.c in the GD Graphics ...
CVE-2016-5767vulnerablefixedfixedInteger overflow in the gdImageCreate function in gd.c in the GD ...
CVE-2016-5766vulnerablefixedfixedInteger overflow in the _gd2GetHeader function in gd_gd2.c in the GD ...
CVE-2016-5116vulnerablevulnerablevulnerablegd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used ...
CVE-2016-3074vulnerablefixedfixedInteger signedness error in GD Graphics Library 2.1.1 (aka libgd or ...
CVE-2015-8877vulnerablefixedfixedThe gdImageScaleTwoPass function in gd_interpolation.c in the GD ...
CVE-2015-8874vulnerablefixedfixedStack consumption vulnerability in GD in PHP before 5.6.12 allows ...
CVE-2015-4116vulnerablefixedfixedUse-after-free vulnerability in the spl_ptr_heap_insert function in ...
CVE-2014-9709vulnerablefixedfixedThe GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used ...
CVE-2014-9425vulnerablevulnerablevulnerableDouble free vulnerability in the zend_ts_hash_graceful_destroy ...
CVE-2014-4698vulnerablefixedfixedUse-after-free vulnerability in ext/spl/spl_array.c in the SPL ...
CVE-2014-3981vulnerablefixedfixedacinclude.m4, as used in the configure script in PHP 5.5.13 and ...
CVE-2014-3622vulnerablefixedfixedPosthandler Potential Illegal efree() vulnerability
CVE-2013-7456vulnerablefixedfixedgd_interpolation.c in the GD Graphics Library (aka libgd) before ...
CVE-2013-6501vulnerablevulnerablevulnerableThe default soap.wsdl_cache_dir setting in (1) php.ini-production and ...
CVE-2013-4635vulnerablefixedfixedInteger overflow in the SdnToJewish function in jewish.c in the ...
CVE-2013-3735vulnerablevulnerablevulnerable** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 ...
CVE-2012-3365vulnerablevulnerablevulnerableThe SQLite functionality in PHP before 5.3.15 allows remote attackers ...
CVE-2012-1171vulnerablevulnerablevulnerableThe libxml RSHUTDOWN function in PHP 5.x allows remote attackers to ...
CVE-2010-3064vulnerablevulnerablevulnerableStack-based buffer overflow in the php_mysqlnd_auth_write function in ...
CVE-2010-3063vulnerablevulnerablevulnerableThe php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...
CVE-2010-3062vulnerablevulnerablevulnerablemysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through ...
CVE-2010-2190vulnerablevulnerablevulnerableThe (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions ...
CVE-2010-2101vulnerablevulnerablevulnerableThe (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) ...
CVE-2010-2100vulnerablevulnerablevulnerableThe (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) ...
CVE-2010-2097vulnerablevulnerablevulnerableThe (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...
CVE-2010-1915vulnerablevulnerablevulnerableThe preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through ...
CVE-2010-1914vulnerablevulnerablevulnerableThe Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...
CVE-2010-1868vulnerablevulnerablevulnerableThe (1) sqlite_single_query and (2) sqlite_array_query functions in ...
CVE-2010-1862vulnerablevulnerablevulnerableThe chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...
CVE-2010-1861vulnerablevulnerablevulnerableThe sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...
CVE-2009-4418vulnerablevulnerablevulnerableThe unserialize function in PHP 5.3.0 and earlier allows ...
CVE-2009-3559vulnerablevulnerablevulnerable** DISPUTED ** ...
CVE-2008-7002vulnerablevulnerablevulnerablePHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...
CVE-2008-5625vulnerablevulnerablevulnerablePHP 5 before 5.2.7 does not enforce the error_log safe_mode ...
CVE-2008-4107vulnerablevulnerablevulnerableThe (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...
CVE-2008-2666vulnerablevulnerablevulnerableMultiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...
CVE-2007-5424vulnerablevulnerablevulnerableThe disable_functions feature in PHP 4 and 5 allows attackers to ...
CVE-2007-4889vulnerablevulnerablevulnerableThe MySQL extension in PHP 5.2.4 and earlier allows remote attackers ...
CVE-2007-4596vulnerablevulnerablevulnerableThe perl extension in PHP does not follow safe_mode restrictions, ...
CVE-2007-4255vulnerablevulnerablevulnerableBuffer overflow in the mSQL extension in PHP 5.2.3 allows ...
CVE-2007-3294vulnerablevulnerablevulnerableMultiple buffer overflows in libtidy, as used in the Tidy extension ...
CVE-2007-3205vulnerablevulnerablevulnerableThe parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...
CVE-2007-1890vulnerablevulnerablevulnerableInteger overflow in the msg_receive function in PHP 4 before 4.4.5 and ...
CVE-2007-1883vulnerablevulnerablevulnerablePHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...
CVE-2007-1835vulnerablevulnerablevulnerablePHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...
CVE-2007-1710vulnerablevulnerablevulnerableThe readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...
CVE-2007-1582vulnerablevulnerablevulnerableThe resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...
CVE-2007-1581vulnerablevulnerablevulnerableThe resource system in PHP 5.0.0 through 5.2.1 allows ...
CVE-2007-1413vulnerablevulnerablevulnerableBuffer overflow in the snmpget function in the snmp extension in PHP ...
CVE-2007-0448vulnerablevulnerablevulnerableThe fopen function in PHP 5.2.0 does not properly handle invalid URI ...
CVE-2006-7205vulnerablevulnerablevulnerableThe array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...
CVE-2006-6383vulnerablevulnerablevulnerablePHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...
CVE-2006-4023vulnerablevulnerablevulnerableThe ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...
CVE-2006-0931vulnerablevulnerablevulnerableDirectory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...

Resolved issues

BugDescription
TEMP-0540606-8877D9php5: 'open_basedir' bypass
TEMP-0000000-FE3BD0Session WDDX Packet Deserialization Type Confusion Vulnerability
TEMP-0000000-F647EFMissing safemode checks in PHP's _php_image_output functions
TEMP-0000000-F1CA5FType Confusion Vulnerability in PHP_to_XMLRPC_worker()
TEMP-0000000-5909B0Use-after-free in WDDX Packet Deserialization
CVE-2016-7134ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a ...
CVE-2016-7133Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is ...
CVE-2016-6297Integer overflow in the php_stream_zip_opener function in ...
CVE-2016-6296Integer signedness error in the simplestring_addn function in ...
CVE-2016-6295ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x ...
CVE-2016-6294The locale_accept_from_http function in ...
CVE-2016-6292The exif_process_user_comment function in ext/exif/exif.c in PHP ...
CVE-2016-6291The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP ...
CVE-2016-6290ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and ...
CVE-2016-6289Integer overflow in the virtual_file_ex function in ...
CVE-2016-6288The php_url_parse_ex function in ext/standard/url.c in PHP before ...
CVE-2016-5773php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before ...
CVE-2016-5772Double free vulnerability in the php_wddx_process_data function in ...
CVE-2016-5771spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before ...
CVE-2016-5770Integer overflow in the SplFileObject::fread function in ...
CVE-2016-5769Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ...
CVE-2016-5768Double free vulnerability in the _php_mb_regex_ereg_replace_exec ...
CVE-2016-5399Improper error handling in bzread()
CVE-2016-5114sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and ...
CVE-2016-5096Integer overflow in the fread function in ext/standard/file.c in PHP ...
CVE-2016-5095Integer overflow in the php_escape_html_entities_ex function in ...
CVE-2016-5094Integer overflow in the php_html_entities function in ...
CVE-2016-5093The get_icu_value_internal function in ...
CVE-2016-4544The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP ...
CVE-2016-4543The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before ...
CVE-2016-4542The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before ...
CVE-2016-4541The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in ...
CVE-2016-4540The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c ...
CVE-2016-4539The xml_parse_into_struct function in ext/xml/xml.c in PHP before ...
CVE-2016-4538The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, ...
CVE-2016-4537The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, ...
CVE-2016-4473
CVE-2016-4346Integer overflow in the str_pad function in ext/standard/string.c in ...
CVE-2016-4345Integer overflow in the php_filter_encode_url function in ...
CVE-2016-4344Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in ...
CVE-2016-4343The phar_make_dirstream function in ext/phar/dirstream.c in PHP before ...
CVE-2016-4073Multiple integer overflows in the mbfl_strcut function in ...
CVE-2016-4072The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x ...
CVE-2016-4071Format string vulnerability in the php_snmp_error function in ...
CVE-2016-4070** DISPUTED ** Integer overflow in the php_raw_url_encode function in ...
CVE-2016-3185The make_http_soap_request function in ext/soap/php_http.c in PHP ...
CVE-2016-1904Multiple integer overflows in ext/standard/exec.c in PHP 7.x before ...
CVE-2016-1903The gdImageRotateInterpolated function in ...
CVE-2015-8935The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x ...
CVE-2015-8879The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 ...
CVE-2015-8878main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before ...
CVE-2015-8876Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and ...
CVE-2015-8873Stack consumption vulnerability in Zend/zend_exceptions.c in PHP ...
CVE-2015-8867The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in ...
CVE-2015-8866ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when ...
CVE-2015-8865The file_check_mem function in funcs.c in file before 5.23, as used in ...
CVE-2015-8838ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and ...
CVE-2015-8835The make_http_soap_request function in ext/soap/php_http.c in PHP ...
CVE-2015-7804Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c ...
CVE-2015-7803The phar_get_entry_data function in ext/phar/util.c in PHP before ...
CVE-2015-6838The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP ...
CVE-2015-6837The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP ...
CVE-2015-6836The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, ...
CVE-2015-6835The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, ...
CVE-2015-6834Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x ...
CVE-2015-6833Directory traversal vulnerability in the PharData class in PHP before ...
CVE-2015-6832Use-after-free vulnerability in the SPL unserialize implementation in ...
CVE-2015-6831Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, ...
CVE-2015-6527The php_str_replace_in_subject function in ext/standard/string.c in ...
CVE-2015-5590Stack-based buffer overflow in the phar_fix_filepath function in ...
CVE-2015-5589The phar_convert_to_other function in ext/phar/phar_object.c in PHP ...
CVE-2015-4644The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka ...
CVE-2015-4643Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP ...
CVE-2015-4642The escapeshellarg function in ext/standard/exec.c in PHP before ...
CVE-2015-4605The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo ...
CVE-2015-4604The mget function in softmagic.c in file 5.x, as used in the Fileinfo ...
CVE-2015-4603The exception::getTraceAsString function in Zend/zend_exceptions.c in ...
CVE-2015-4602The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c ...
CVE-2015-4601PHP before 5.6.7 might allow remote attackers to cause a denial of ...
CVE-2015-4600The SoapClient implementation in PHP before 5.4.40, 5.5.x before ...
CVE-2015-4599The SoapFault::__toString method in ext/soap/soap.c in PHP before ...
CVE-2015-4598PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does ...
CVE-2015-4148The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, ...
CVE-2015-4147The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, ...
CVE-2015-4026The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before ...
CVE-2015-4025PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 ...
CVE-2015-4024Algorithmic complexity vulnerability in the multipart_buffer_headers ...
CVE-2015-4022Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP ...
CVE-2015-4021The phar_parse_tarfile function in ext/phar/tar.c in PHP before ...
CVE-2015-3412PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does ...
CVE-2015-3411PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does ...
CVE-2015-3330The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP ...
CVE-2015-3329Multiple stack-based buffer overflows in the phar_set_inode function ...
CVE-2015-3307The phar_parse_metadata function in ext/phar/phar.c in PHP before ...
CVE-2015-3211
CVE-2015-2787Use-after-free vulnerability in the process_nested_data function in ...
CVE-2015-2783ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x ...
CVE-2015-2348The move_uploaded_file implementation in ...
CVE-2015-2331Integer overflow in the _zip_cdir_new function in zip_dirent.c in ...
CVE-2015-2305Integer overflow in the regcomp implementation in the Henry Spencer ...
CVE-2015-2301Use-after-free vulnerability in the phar_rename_archive function in ...
CVE-2015-1352The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) ...
CVE-2015-1351Use-after-free vulnerability in the _zend_shared_memdup function in ...
CVE-2015-0273Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP ...
CVE-2015-0232The exif_process_unicode function in ext/exif/exif.c in PHP before ...
CVE-2015-0231Use-after-free vulnerability in the process_nested_data function in ...
CVE-2014-9767Directory traversal vulnerability in the ZipArchive::extractTo ...
CVE-2014-9705Heap-based buffer overflow in the enchant_broker_request_dict function ...
CVE-2014-9653readelf.c in file before 5.22, as used in the Fileinfo component in ...
CVE-2014-9652The mconvert function in softmagic.c in file before 5.21, as used in ...
CVE-2014-9621The ELF parser in file 5.16 through 5.21 allows remote attackers to ...
CVE-2014-9620The ELF parser in file 5.08 through 5.21 allows remote attackers to ...
CVE-2014-9427sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x ...
CVE-2014-8626Stack-based buffer overflow in the date_from_ISO8601 function in ...
CVE-2014-8142Use-after-free vulnerability in the process_nested_data function in ...
CVE-2014-8117softmagic.c in file before 5.21 does not properly limit recursion, ...
CVE-2014-8116The ELF parser (readelf.c) in file before 5.21 allows remote attackers ...
CVE-2014-5120gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x ...
CVE-2014-4721The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 ...
CVE-2014-4670Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL ...
CVE-2014-4049Heap-based buffer overflow in the php_parserr function in ...
CVE-2014-3710The donote function in readelf.c in file through 5.20, as used in the ...
CVE-2014-3670The exif_ifd_make_value function in exif.c in the EXIF extension in ...
CVE-2014-3669Integer overflow in the object_custom function in ...
CVE-2014-3668Buffer overflow in the date_from_ISO8601 function in the mkgmtime ...
CVE-2014-3597Multiple buffer overflows in the php_parserr function in ...
CVE-2014-3587Integer overflow in the cdf_read_property_info function in cdf.c in ...
CVE-2014-3538file before 5.19 does not properly restrict the amount of data read ...
CVE-2014-3515The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 ...
CVE-2014-3487The cdf_read_property_info function in file before 5.19, as used in ...
CVE-2014-3480The cdf_count_chain function in cdf.c in file before 5.19, as used in ...
CVE-2014-3479The cdf_check_stream_offset function in cdf.c in file before 5.19, as ...
CVE-2014-3478Buffer overflow in the mconvert function in softmagic.c in file before ...
CVE-2014-2497The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP ...
CVE-2014-2270softmagic.c in file before 5.17 and libmagic allows context-dependent ...
CVE-2014-2020ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which ...
CVE-2014-1943Fine Free file before 5.17 allows context-dependent attackers to cause ...
CVE-2014-0238The cdf_read_property_info function in cdf.c in the Fileinfo component ...
CVE-2014-0237The cdf_unpack_summary_info function in cdf.c in the Fileinfo ...
CVE-2014-0236file before 5.18, as used in the Fileinfo component in PHP before ...
CVE-2014-0207The cdf_read_short_sector function in cdf.c in file before 5.19, as ...
CVE-2014-0185sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP ...
CVE-2013-7345The BEGIN regular expression in the awk script detector in ...
CVE-2013-7328Multiple integer signedness errors in the gdImageCrop function in ...
CVE-2013-7327The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does ...
CVE-2013-7226Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP ...
CVE-2013-6712The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ...
CVE-2013-6420The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP ...
CVE-2013-4636The mget function in libmagic/softmagic.c in the Fileinfo component in ...
CVE-2013-4248The openssl_x509_parse function in openssl.c in the OpenSSL module in ...
CVE-2013-4113ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing ...
CVE-2013-2110Heap-based buffer overflow in the php_quot_print_encode function in ...
CVE-2013-1824The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows ...
CVE-2013-1643The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows ...
CVE-2013-1635ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not ...
CVE-2012-6113The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 ...
CVE-2012-5381** DISPUTED ** Untrusted search path vulnerability in the installation ...
CVE-2012-4388The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through ...
CVE-2012-3450pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x ...
CVE-2012-2688Unspecified vulnerability in the _php_stream_scandir function in the ...
CVE-2012-2386Integer overflow in the phar_parse_tarfile function in tar.c in the ...
CVE-2012-2376Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and ...
CVE-2012-2336sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...
CVE-2012-2329Buffer overflow in the apache_request_headers function in ...
CVE-2012-2317The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in ...
CVE-2012-2311sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...
CVE-2012-2143The crypt_des (aka DES-based crypt) function in FreeBSD before ...
CVE-2012-1823sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when ...
CVE-2012-1172The file-upload implementation in rfc1867.c in PHP before 5.4.0 does ...
CVE-2012-0831PHP before 5.3.10 does not properly perform a temporary change to the ...
CVE-2012-0830The php_register_variable_ex function in php_variables.c in PHP 5.3.9 ...
CVE-2012-0789Memory leak in the timezone functionality in PHP before 5.3.9 allows ...
CVE-2012-0788The PDORow implementation in PHP before 5.3.9 does not properly ...
CVE-2012-0781The tidy_diagnose function in PHP 5.3.8 might allow remote attackers ...
CVE-2012-0057PHP before 5.3.9 has improper libxslt security settings, which allows ...
CVE-2011-4885PHP before 5.3.9 computes hash values for form parameters without ...
CVE-2011-4566Integer overflow in the exif_process_IFD_TAG function in exif.c in the ...
CVE-2011-4153PHP 5.3.8 does not always check the return value of the zend_strndup ...
CVE-2011-3379The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the ...
CVE-2011-3268Buffer overflow in the crypt function in PHP before 5.3.7 allows ...
CVE-2011-3267PHP before 5.3.7 does not properly implement the error_log function, ...
CVE-2011-3189The crypt function in PHP 5.3.7, when the MD5 hash type is used, ...
CVE-2011-3182PHP before 5.3.7 does not properly check the return values of the ...
CVE-2011-2483crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain ...
CVE-2011-2202The rfc1867_post_handler function in main/rfc1867.c in PHP before ...
CVE-2011-1938Stack-based buffer overflow in the socket_connect function in ...
CVE-2011-1657The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions ...
CVE-2011-1471Integer signedness error in zip_stream.c in the Zip extension in PHP ...
CVE-2011-1470The Zip extension in PHP before 5.3.6 allows context-dependent ...
CVE-2011-1469Unspecified vulnerability in the Streams component in PHP before 5.3.6 ...
CVE-2011-1468Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 ...
CVE-2011-1467Unspecified vulnerability in the NumberFormatter::setSymbol (aka ...
CVE-2011-1466Integer overflow in the SdnToJulian function in the Calendar extension ...
CVE-2011-1464Buffer overflow in the strval function in PHP before 5.3.6, when the ...
CVE-2011-1398The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and ...
CVE-2011-1153Multiple format string vulnerabilities in phar_object.c in the phar ...
CVE-2011-1148Use-after-free vulnerability in the substr_replace function in PHP ...
CVE-2011-1144The installer in PEAR 1.9.2 and earlier allows local users to ...
CVE-2011-1092Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows ...
CVE-2011-1072The installer in PEAR before 1.9.2 allows local users to overwrite ...
CVE-2011-0755Integer overflow in the mt_rand function in PHP before 5.3.4 might ...
CVE-2011-0754The SplFileInfo::getType function in the Standard PHP Library (SPL) ...
CVE-2011-0753Race condition in the PCNTL extension in PHP before 5.3.4, when a ...
CVE-2011-0752The extract function in PHP before 5.2.15 does not prevent use of the ...
CVE-2011-0708exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms ...
CVE-2011-0441The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows ...
CVE-2011-0421The _zip_name_locate function in zip_name_locate.c in the Zip ...
CVE-2011-0420The grapheme_extract function in the Internationalization extension ...
CVE-2010-4700The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...
CVE-2010-4699The iconv_mime_decode_headers function in the Iconv extension in PHP ...
CVE-2010-4698Stack-based buffer overflow in the GD extension in PHP before 5.2.15 ...
CVE-2010-4697Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 ...
CVE-2010-4657xmlTextWriterWriteAttribute heap disclosure
CVE-2010-4645strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 ...
CVE-2010-4409Integer overflow in the NumberFormatter::getSymbol (aka ...
CVE-2010-4156The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through ...
CVE-2010-4150Double free vulnerability in the imap_do_open function in the IMAP ...
CVE-2010-3870The utf8_decode function in PHP before 5.3.4 does not properly handle ...
CVE-2010-3710Stack consumption vulnerability in the filter_var function in PHP ...
CVE-2010-3709The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ...
CVE-2010-3436fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote ...
CVE-2010-3065The default session serializer in PHP 5.2 through 5.2.13 and 5.3 ...
CVE-2010-2950Format string vulnerability in stream.c in the phar extension in PHP ...
CVE-2010-2531The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 ...
CVE-2010-2484The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent ...
CVE-2010-2225Use-after-free vulnerability in the SplObjectStorage unserializer in ...
CVE-2010-2191The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; ...
CVE-2010-2094Multiple format string vulnerabilities in the phar extension in PHP ...
CVE-2010-2093Use-after-free vulnerability in the request shutdown functionality in ...
CVE-2010-1917Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 ...
CVE-2010-1866The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ...
CVE-2010-1864The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through ...
CVE-2010-1860The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 ...
CVE-2010-1130session.c in the session extension in PHP before 5.2.13, and 5.3.1, ...
CVE-2010-1129The safe_mode implementation in PHP before 5.2.13 does not properly ...
CVE-2010-1128The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ...
CVE-2010-0397The xmlrpc extension in PHP 5.3.1 does not properly handle a missing ...
CVE-2009-5016Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in ...
CVE-2009-4143PHP before 5.2.12 does not properly handle session data, which has ...
CVE-2009-4142The htmlspecialchars function in PHP before 5.2.12 does not properly ...
CVE-2009-4018The proc_open function in ext/standard/proc_open.c in PHP before ...
CVE-2009-4017PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number ...
CVE-2009-3558The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 ...
CVE-2009-3557The tempnam function in ext/standard/file.c in PHP before 5.2.12 and ...
CVE-2009-3546The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before ...
CVE-2009-3294The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and ...
CVE-2009-3293Unspecified vulnerability in the imagecolortransparent function in PHP ...
CVE-2009-3292Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before ...
CVE-2009-3291The php_openssl_apply_verification_policy function in PHP before ...
CVE-2009-2687The exif_read_data function in the Exif module in PHP before 5.2.10 ...
CVE-2009-2626The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, ...
CVE-2009-1272The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...
CVE-2009-1271The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before ...
CVE-2009-0754PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows ...
CVE-2008-7068The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...
CVE-2008-5844PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW ...
CVE-2008-5814Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ...
CVE-2008-5658Directory traversal vulnerability in the ZipArchive::extractTo ...
CVE-2008-5624PHP 5 before 5.2.7 does not properly initialize the page_uid and ...
CVE-2008-5557Heap-based buffer overflow in ...
CVE-2008-5498Array index error in the imageRotate function in PHP 5.2.8 and earlier ...
CVE-2008-3660PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI ...
CVE-2008-3659Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and ...
CVE-2008-3658Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP ...
CVE-2008-2829php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ...
CVE-2008-2665Directory traversal vulnerability in the posix_access function in PHP ...
CVE-2008-2108The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...
CVE-2008-2107The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...
CVE-2008-2051The escapeshellcmd API function in PHP before 5.2.6 has unknown impact ...
CVE-2008-2050Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP ...
CVE-2008-1384Integer overflow in PHP 5.2.5 and earlier allows context-dependent ...
CVE-2008-0674Buffer overflow in PCRE before 7.6 allows remote attackers to execute ...
CVE-2008-0599The init_request_info function in sapi/cgi/cgi_main.c in PHP before ...
CVE-2007-6039PHP 5.2.5 and earlier allows context-dependent attackers to cause a ...
CVE-2007-5899The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...
CVE-2007-5898The (1) htmlentities and (2) htmlspecialchars functions in PHP before ...
CVE-2007-5653The Component Object Model (COM) functions in PHP 5.x on Windows do ...
CVE-2007-4887The dl function in PHP 5.2.4 and earlier allows context-dependent ...
CVE-2007-4850curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and ...
CVE-2007-4825Directory traversal vulnerability in PHP 5.2.4 and earlier allows ...
CVE-2007-4784The setlocale function in PHP before 5.2.4 allows context-dependent ...
CVE-2007-4783The iconv_substr function in PHP 5.2.4 and earlier allows ...
CVE-2007-4782PHP before 5.2.3 allows context-dependent attackers to cause a denial ...
CVE-2007-4670Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ...
CVE-2007-4663Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...
CVE-2007-4662Buffer overflow in the php_openssl_make_REQ function in PHP before ...
CVE-2007-4661The chunk_split function in string.c in PHP 5.2.3 does not properly ...
CVE-2007-4660Unspecified vulnerability in the chunk_split function in PHP before ...
CVE-2007-4659The zend_alter_ini_entry function in PHP before 5.2.4 does not ...
CVE-2007-4658The money_format function in PHP 5 before 5.2.4, and PHP 4 before ...
CVE-2007-4657Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...
CVE-2007-4652The session extension in PHP before 5.2.4 might allow local users to ...
CVE-2007-4441Buffer overflow in php_win32std.dll in the win32std extension for PHP ...
CVE-2007-4010The win32std extension in PHP 5.2.3 does not follow safe_mode and ...
CVE-2007-3998The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, ...
CVE-2007-3997The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...
CVE-2007-3806The glob function in PHP 5.2.3 allows context-dependent attackers to ...
CVE-2007-3799The session_start function in ext/session in PHP 4.x up to 4.4.7 and ...
CVE-2007-3790The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 ...
CVE-2007-3378The (1) session_save_path, (2) ini_set, and (3) error_log functions in ...
CVE-2007-3007PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode ...
CVE-2007-2872Multiple integer overflows in the chunk_split function in PHP 5 before ...
CVE-2007-2844PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, ...
CVE-2007-2748The substr_count function in PHP 5.2.1 and earlier allows ...
CVE-2007-2728The soap extension in PHP calls php_rand_r with an uninitialized seed ...
CVE-2007-2727The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before ...
CVE-2007-2519Directory traversal vulnerability in the installer in PEAR 1.0 through ...
CVE-2007-2511Buffer overflow in the user_filter_factory_create function in PHP ...
CVE-2007-2510Buffer overflow in the make_http_soap_request function in PHP before ...
CVE-2007-2509CRLF injection vulnerability in the ftp_putcmd function in PHP before ...
CVE-2007-1900CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ...
CVE-2007-1889Integer signedness error in the _zend_mm_alloc_int function in the ...
CVE-2007-1887Buffer overflow in the sqlite_decode_binary function in the bundled ...
CVE-2007-1864Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...
CVE-2007-1824Buffer overflow in the php_stream_filter_create function in PHP 5 ...
CVE-2007-1777Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...
CVE-2007-1718CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...
CVE-2007-1717The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...
CVE-2007-1711Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 ...
CVE-2007-1701PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is ...
CVE-2007-1700The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, ...
CVE-2007-1649PHP 5.2.1 allows context-dependent attackers to read portions of heap ...
CVE-2007-1583The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ...
CVE-2007-1522Double free vulnerability in the session extension in PHP 5.2.0 and ...
CVE-2007-1521Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, ...
CVE-2007-1484The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...
CVE-2007-1461The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...
CVE-2007-1460The zip:// URL wrapper provided by the PECL zip extension in PHP ...
CVE-2007-1454ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the ...
CVE-2007-1453Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...
CVE-2007-1452The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ...
CVE-2007-1412The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 ...
CVE-2007-1411Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 ...
CVE-2007-1399Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP ...
CVE-2007-1396The import_request_variables function in PHP 4.0.7 through 4.4.6, and ...
CVE-2007-1381The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and ...
CVE-2007-1380The php_binary serialization handler in the session extension in PHP ...
CVE-2007-1376The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x ...
CVE-2007-1375Integer overflow in the substr_compare function in PHP 5.2.1 and ...
CVE-2007-1286Integer overflow in PHP 4.4.4 and earlier allows remote ...
CVE-2007-1285The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...
CVE-2007-0988The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before ...
CVE-2007-0911Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...
CVE-2007-0910Unspecified vulnerability in PHP before 5.2.1 allows attackers to ...
CVE-2007-0909Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...
CVE-2007-0908The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...
CVE-2007-0907Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...
CVE-2007-0906Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...
CVE-2007-0905PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...
CVE-2006-7243PHP before 5.3.4 accepts the \0 character in a pathname, which might ...
CVE-2006-5706Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...
CVE-2006-5465Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ...
CVE-2006-5178Race condition in the symlink function in PHP 5.1.6 and earlier allows ...
CVE-2006-4812Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...
CVE-2006-4625PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...
CVE-2006-4486Integer overflow in memory allocation routines in PHP before 5.1.6, ...
CVE-2006-4485The stripos function in PHP before 5.1.5 has unknown impact and attack ...
CVE-2006-4483The cURL extension files (1) ext/curl/interface.c and (2) ...
CVE-2006-4482Multiple heap-based buffer overflows in the (1) str_repeat and (2) ...
CVE-2006-4481The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...
CVE-2006-4433PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...
CVE-2006-4020scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...
CVE-2006-3018Unspecified vulnerability in the session extension functionality in ...
CVE-2006-3017zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x ...
CVE-2006-3016Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...
CVE-2006-3011The error_log function in basic_functions.c in PHP before 4.4.4 and ...
CVE-2006-2660Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 ...
CVE-2006-2563The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ...
CVE-2006-1991The substr_compare function in string.c in PHP 5.1.2 allows ...
CVE-2006-1990Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...
CVE-2006-1608The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...
CVE-2006-1549PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...
CVE-2006-1494Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 ...
CVE-2006-1490PHP before 5.1.3-RC1 might allow remote attackers to obtain portions ...
CVE-2006-1015Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x ...
CVE-2006-1014Argument injection vulnerability in certain PHP 4.x and 5.x ...
CVE-2006-0996Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP ...
CVE-2006-0208Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and ...
CVE-2006-0207Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...
CVE-2006-0200Format string vulnerability in the error-reporting feature in the ...
CVE-2006-0097Stack-based buffer overflow in the create_named_pipe function in ...
CVE-2005-4154Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows ...
CVE-2005-3883CRLF injection vulnerability in the mb_send_mail function in PHP ...
CVE-2005-3392Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...
CVE-2005-3391Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...
CVE-2005-3390The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...
CVE-2005-3389The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ...
CVE-2005-3388Cross-site scripting (XSS) vulnerability in the phpinfo function in ...
CVE-2005-3353The exif_read_data function in the Exif module in PHP before 4.4.1 ...
CVE-2005-3319The apache2handler SAPI (sapi_apache2.c) in the Apache module ...
CVE-2005-3054fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...
CVE-2005-2498Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...
CVE-2002-1954Cross-site scripting (XSS) vulnerability in the phpinfo function in ...

Security announcements

DSA / DLADescription
DLA-628-1php5 - security update
DSA-3631-1php5 - security update
DSA-3618-1php5 - security update
DLA-533-1php5 - security update
DSA-3602-1php5 - security update
DLA-499-1php5 - security update
DSA-3560-1php5 - security update
DLA-444-1php5 - security update
DLA-341-1php5 - security update
DSA-3380-1php5 - security update
DSA-3380-1php5 - security update
DSA-3358-1php5 - security update
DSA-3358-1php5 - security update
DLA-307-1php5 - security update
DSA-3344-1php5 - security update
DSA-3344-1php5 - security update
DSA-3280-1php5 - security update
DSA-3280-1php5 - security update
DLA-212-1php5 - security update
DSA-3198-2php5 - regression update
DSA-3198-1php5 - security update
DSA-3195-1php5 - security update
DLA-145-2php5 - regression update
DLA-145-1php5 - security update
DSA-3126-1php5 - security update
DSA-3117-1php5 - security update
DLA-94-1php5 - security update
DSA-3074-2php5 - regression update
DSA-3074-1php5 - security update
DSA-3064-1php5 - security update
DLA-67-1php5 - security update
DSA-3008-1php5 - security update
DLA-0018-1php5 - security update
DSA-2974-1php5 - security update
DLA-0010-1php5 - security update
DSA-2961-1php5 - security update
DSA-2943-1php5 - security update
DSA-2868-1php5 - denial of service
DSA-2868-1php5 - denial of service
DSA-2816-1php5 - several
DSA-2816-1php5 - several
DSA-2742-1php5 - interpretation conflict
DSA-2742-1php5 - interpretation conflict
DSA-2723-1php5 - heap corruption
DSA-2723-1php5 - heap corruption
DSA-2639-1php5 - several vulnerabilities
DSA-2527-1php5 - several
DSA-2492-1php5 - buffer overflow
DSA-2465-1php5 - several
DSA-2408-1php5 - several
DSA-2403-1php5 - code injection
DSA-2403-1php5 - code injection
DSA-2399-1php5 - several
DSA-2399-1php5 - several
DSA-2266-1php5 - several
DSA-2266-1php5 - several
DSA-2195-1php5 - several
DSA-2195-1php5 - several
DSA-2089-1php5 - several vulnerabilities
DSA-2018-1php5 - null pointer dereference
DSA-2001-1php5 - multiple vulnerabilities
DSA-1940-1php5 - multiple issues
DSA-1940-1php5 - multiple issues
DSA-1789-1php5 - several vulnerabilities
DSA-1789-1php5 - several vulnerabilities
DSA-1647-1php5 - several vulnerabilities
DSA-1572-1php5 - several vulnerabilities
DSA-1444-1php5 several issues
DSA-1330-1php5 - several vulnerabilities
DSA-1295-1php5
DSA-1283-1php5

Search for package or bug name: Reporting problems