| Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2008-5814 | 2.6 |
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear
|
30-10-2018 - 16:26 | 02-01-2009 - 18:11 | |
| CVE-2008-5498 | 5.0 |
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an inde
|
30-10-2018 - 16:25 | 26-12-2008 - 20:30 | |
| CVE-2008-5557 | 10.0 |
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is n
|
11-10-2018 - 20:56 | 23-12-2008 - 18:30 | |
| CVE-2008-3658 | 7.5 |
Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. Mi
|
11-10-2018 - 20:49 | 15-08-2008 - 00:41 | |
| CVE-2008-3660 | 5.0 |
PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php. Overview contains a t
|
11-10-2018 - 20:49 | 15-08-2008 - 00:41 |