PHP :: Bugs :: Search

60623
(edit)

2011-12-29 08:45 UTC

2011-12-29 09:38 UTC

*Encryption and hash functions

Sec Bug

Duplicate

Irrelevant

ANY

Hash Table Collisions

60827
(edit)

2012-01-20 21:21 UTC

2012-01-20 21:27 UTC

URL related

Sec Bug

Duplicate

Irrelevant

irrelevant

Vulnerability in bugs.php.net

61210
(edit)

2012-02-29 16:00 UTC

2014-02-12 18:25 UTC

Safe Mode/open_basedir

Sec Bug

Duplicate

5.3.10

*nix

redirection in curl incorrectly blocked if open_basedir is set

65266
(edit)

2013-07-16 05:14 UTC

2013-07-16 05:22 UTC

*XML functions

Sec Bug

Duplicate

5.4.17

heap corruption in xml parser

67267
(edit)

2014-05-13 15:50 UTC

2014-05-13 16:03 UTC

Online Doc Editor problem

Sec Bug

Duplicate

Irrelevant

Any

Local File Inclusion

tyrael

69206
(edit)

2015-03-09 17:34 UTC

2015-03-20 05:50 UTC

PHP Language Specification

Sec Bug

Duplicate

Irrelevant

*

Nullbytes - The Come back

72279
(edit)

2016-05-28 06:36 UTC

2016-05-29 08:37 UTC

Safe Mode/open_basedir

Sec Bug

Duplicate

Irrelevant

Ubuntu

open_basedir could be bypassed if it's set by .user.ini

73064
(edit)

2016-09-12 02:21 UTC

2017-02-13 01:22 UTC

WDDX related

Sec Bug

Duplicate

master-Git-2016-09-12 (snap)

Ubuntu

Use-After-Free in wddx_deserialize of wddx.c

stas

73109
(edit)

2016-09-19 01:07 UTC

2017-10-16 02:28 UTC

Date/time related

Sec Bug

Duplicate

7.1.6

Ubuntu

Out-Of-Bounds Read in timelib_meridian of parse_date.c

derick

73153
(edit)

2016-09-23 16:56 UTC

2017-01-16 13:32 UTC

GNU MP related

Sec Bug

Duplicate

5.6.26

Ubuntu

Crash with an Unexpected Object when Deserialize GMP object

73162
(edit)

2016-09-24 10:18 UTC

2016-10-19 14:25 UTC

DOM XML related

Sec Bug

Duplicate

5.6.26

missing NULL check in dom_document_savexml

73710
(edit)

2016-12-10 14:39 UTC

2017-01-10 00:33 UTC

Directory function related

Sec Bug

Duplicate

Irrelevant

open_basedir bypass via glob wrapper

pollita

74301
(edit)

2017-03-23 17:17 UTC

2017-10-15 22:47 UTC

WDDX related

Sec Bug

Duplicate

5.6.30

Free() invalid pointer when wddx decodes empty boolean element

74609
(edit)

2017-05-18 06:31 UTC

2017-08-12 13:14 UTC

*General Issues

Sec Bug

Duplicate

7.1.6

Ubuntu 1604 & Windows10

a heap-use-after-free was found at zif_unserialize function

74622
(edit)

2017-05-21 11:17 UTC

2017-08-12 19:28 UTC

*General Issues

Sec Bug

Duplicate

7.1.5/7.1.6

Debian GNU/Linux 9 \n \l

zif_unserialize Invalid read of size 8

75505
(edit)

2017-11-09 03:18 UTC

2018-01-15 13:31 UTC

*Network Functions

Sec Bug

Duplicate

7.1.11

*

pfsockopen may cause a security problem

76428
(edit)

2018-06-08 01:03 UTC

2018-11-20 19:37 UTC

IMAP related

Sec Bug

Duplicate

7.0.30

Debian Linux

Command execution through imap_open

76558
(edit)

2018-07-01 00:48 UTC

2018-07-16 23:57 UTC

EXIF related

Sec Bug

Duplicate

5.6.36

Debian 9 x64

heap-buffer-overflow (READ of size 1) in php_ifd_get32s

kalle

77160
(edit)

2018-11-15 09:09 UTC

2019-02-21 05:11 UTC

IMAP related

Sec Bug

Duplicate

7.2.12

Script injection in imap_open()

cmb

77249
(edit)

2018-12-06 10:00 UTC

2019-01-07 08:14 UTC

XMLRPC-EPI related

Sec Bug

Duplicate

7.2.12

Linux

Use after free in xmlrpc_decode()

stas

77429
(edit)

2019-01-08 02:54 UTC

2019-02-10 12:06 UTC

XMLRPC-EPI related

Sec Bug

Duplicate

7.1.25

heap buffer overflow in format_converter

cmb

1027
(edit)

1999-01-05 04:09 UTC

2002-01-09 10:02 UTC

Feature/Change Request

Req

Duplicate

4.0

fprintf() please

3514
(edit)

2000-02-17 08:02 UTC

2001-11-11 14:48 UTC

Feature/Change Request

Req

Duplicate

4.0

any

Private and Protected data in classes

4822
(edit)

2000-06-05 15:53 UTC

2000-11-21 03:58 UTC

Feature/Change Request

Req

Duplicate

4.0.0 Release

Linux

Uploading in safe mode

5278
(edit)

2000-06-29 23:00 UTC

2001-11-11 15:10 UTC

Feature/Change Request

Req

Duplicate

4.0.0 Release

ob_* enhanced to use HTTP headers

5408
(edit)

2000-07-06 17:35 UTC

2001-11-11 14:57 UTC

Feature/Change Request

Req

Duplicate

4.0 Latest CVS (06/07/2000)

Redhat 6.1 (Linux 2.2.12-20)

foreach() should silently ignore non-array's passed to it

5975
(edit)

2000-08-04 20:51 UTC

2012-02-10 23:13 UTC

Strings related

Req

Duplicate

*

version of strip_tags() that specifies tags to strip (instead of tags to keep)

6768
(edit)

2000-09-15 05:28 UTC

2002-01-06 12:19 UTC

Feature/Change Request

Req

Duplicate

4.0.2

Linux 2.2.14

list() construct reference assignment

6875
(edit)

2000-09-24 23:14 UTC

2001-06-12 04:01 UTC

Feature/Change Request

Req

Duplicate

4.0.2

Linux 2.2.17 / Open BSD 2.8

upload_tmp_dir in php.ini doesn't work in safe_mode

7217
(edit)

2000-10-15 03:49 UTC

2001-08-27 11:44 UTC

Feature/Change Request

Req

Duplicate

4.0.2

linux

Security Problem with "include_dir" configuration

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2020 The PHP Group All rights reserved.	Last updated: Fri Feb 21 16:01:27 2020 UTC