|
1 | 1 | { |
2 | | - "lastUpdatedDate": "2024-12-13T02:39:11+0000", |
| 2 | + "lastUpdatedDate": "2024-12-13T13:34:05+0000", |
3 | 3 | "name": "PHP Version Audit", |
4 | 4 | "website": "https://github.com/lightswitch05/php-version-audit", |
5 | 5 | "licence": "https://github.com/lightswitch05/php-version-audit/blob/master/LICENSE", |
|
3378 | 3378 | "id": "CVE-2007-0455", |
3379 | 3379 | "baseScore": 7.5, |
3380 | 3380 | "publishedDate": "2007-01-30T17:28:00+0000", |
3381 | | - "lastModifiedDate": "2022-07-21T15:17:00+0000", |
| 3381 | + "lastModifiedDate": "2024-11-21T00:25:00+0000", |
3382 | 3382 | "description": "Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font." |
3383 | 3383 | }, |
3384 | 3384 | "CVE-2007-1001": { |
3385 | 3385 | "id": "CVE-2007-1001", |
3386 | 3386 | "baseScore": 6.8, |
3387 | 3387 | "publishedDate": "2007-04-06T00:19:00+0000", |
3388 | | - "lastModifiedDate": "2018-10-30T16:25:00+0000", |
| 3388 | + "lastModifiedDate": "2024-11-21T00:27:00+0000", |
3389 | 3389 | "description": "Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values." |
3390 | 3390 | }, |
3391 | 3391 | "CVE-2007-1887": { |
3392 | 3392 | "id": "CVE-2007-1887", |
3393 | 3393 | "baseScore": 7.5, |
3394 | 3394 | "publishedDate": "2007-04-06T01:19:00+0000", |
3395 | | - "lastModifiedDate": "2022-07-21T15:12:00+0000", |
| 3395 | + "lastModifiedDate": "2024-11-21T00:29:00+0000", |
3396 | 3396 | "description": "Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character." |
3397 | 3397 | }, |
3398 | 3398 | "CVE-2007-1900": { |
3399 | 3399 | "id": "CVE-2007-1900", |
3400 | 3400 | "baseScore": 5, |
3401 | 3401 | "publishedDate": "2007-04-10T18:19:00+0000", |
3402 | | - "lastModifiedDate": "2017-10-11T01:32:00+0000", |
| 3402 | + "lastModifiedDate": "2024-11-21T00:29:00+0000", |
3403 | 3403 | "description": "CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\\n' character, which causes a regular expression to ignore the subsequent part of the address string." |
3404 | 3404 | }, |
3405 | 3405 | "CVE-2007-2756": { |
3406 | 3406 | "id": "CVE-2007-2756", |
3407 | 3407 | "baseScore": 4.3, |
3408 | 3408 | "publishedDate": "2007-05-18T18:30:00+0000", |
3409 | | - "lastModifiedDate": "2017-10-11T01:32:00+0000", |
| 3409 | + "lastModifiedDate": "2024-11-21T00:31:00+0000", |
3410 | 3410 | "description": "The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng." |
3411 | 3411 | }, |
3412 | 3412 | "CVE-2007-2872": { |
3413 | 3413 | "id": "CVE-2007-2872", |
3414 | 3414 | "baseScore": 6.8, |
3415 | 3415 | "publishedDate": "2007-06-04T17:30:00+0000", |
3416 | | - "lastModifiedDate": "2023-02-13T02:17:00+0000", |
| 3416 | + "lastModifiedDate": "2024-11-21T00:31:00+0000", |
3417 | 3417 | "description": "Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments." |
3418 | 3418 | }, |
3419 | 3419 | "CVE-2007-3378": { |
3420 | 3420 | "id": "CVE-2007-3378", |
3421 | 3421 | "baseScore": 6.8, |
3422 | 3422 | "publishedDate": "2007-06-29T18:30:00+0000", |
3423 | | - "lastModifiedDate": "2020-09-18T19:15:00+0000", |
| 3423 | + "lastModifiedDate": "2024-11-21T00:33:00+0000", |
3424 | 3424 | "description": "The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess." |
3425 | 3425 | }, |
3426 | 3426 | "CVE-2007-3806": { |
3427 | 3427 | "id": "CVE-2007-3806", |
3428 | 3428 | "baseScore": 6.8, |
3429 | 3429 | "publishedDate": "2007-07-17T00:30:00+0000", |
3430 | | - "lastModifiedDate": "2017-09-29T01:29:00+0000", |
| 3430 | + "lastModifiedDate": "2024-11-21T00:34:00+0000", |
3431 | 3431 | "description": "The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure." |
3432 | 3432 | }, |
3433 | 3433 | "CVE-2007-4783": { |
3434 | 3434 | "id": "CVE-2007-4783", |
3435 | 3435 | "baseScore": 5, |
3436 | 3436 | "publishedDate": "2007-09-10T21:17:00+0000", |
3437 | | - "lastModifiedDate": "2018-10-15T21:38:00+0000", |
| 3437 | + "lastModifiedDate": "2024-11-21T00:36:00+0000", |
3438 | 3438 | "description": "The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution." |
3439 | 3439 | }, |
3440 | 3440 | "CVE-2007-4840": { |
3441 | 3441 | "id": "CVE-2007-4840", |
3442 | 3442 | "baseScore": 5, |
3443 | 3443 | "publishedDate": "2007-09-12T20:17:00+0000", |
3444 | | - "lastModifiedDate": "2018-10-15T21:38:00+0000", |
| 3444 | + "lastModifiedDate": "2024-11-21T00:36:00+0000", |
3445 | 3445 | "description": "PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution." |
3446 | 3446 | }, |
3447 | 3447 | "CVE-2007-4887": { |
3448 | 3448 | "id": "CVE-2007-4887", |
3449 | 3449 | "baseScore": 4.3, |
3450 | 3450 | "publishedDate": "2007-09-14T00:17:00+0000", |
3451 | | - "lastModifiedDate": "2018-10-15T21:38:00+0000", |
| 3451 | + "lastModifiedDate": "2024-11-21T00:36:00+0000", |
3452 | 3452 | "description": "The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability." |
3453 | 3453 | }, |
3454 | 3454 | "CVE-2008-0599": { |
|
0 commit comments