Total vulnerabilities in the database
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
| Software | From | Fixed in |
|---|---|---|
| apple / mac_os_x | - | 10.10.4.x |
| php / php | 5.5.0-alpha1 | 5.5.0-alpha1.x |
| php / php | 5.6.0-alpha5 | 5.6.0-alpha5.x |
| php / php | 5.6.5 | 5.6.5.x |
| php / php | 5.5.0-alpha3 | 5.5.0-alpha3.x |
| php / php | 5.5.19 | 5.5.19.x |
| php / php | 5.5.0-beta3 | 5.5.0-beta3.x |
| php / php | 5.5.0 | 5.5.0.x |
| php / php | 5.6.0-beta2 | 5.6.0-beta2.x |
| php / php | - | 5.4.40.x |
| php / php | 5.6.0-beta1 | 5.6.0-beta1.x |
| php / php | 5.5.1 | 5.5.1.x |
| php / php | 5.5.5 | 5.5.5.x |
| php / php | 5.6.4 | 5.6.4.x |
| php / php | 5.5.21 | 5.5.21.x |
| php / php | 5.6.6 | 5.6.6.x |
| php / php | 5.6.0-alpha3 | 5.6.0-alpha3.x |
| php / php | 5.5.14 | 5.5.14.x |
| php / php | 5.5.7 | 5.5.7.x |
| php / php | 5.5.0-beta1 | 5.5.0-beta1.x |
| php / php | 5.6.2 | 5.6.2.x |
| php / php | 5.5.12 | 5.5.12.x |
| php / php | 5.6.0-beta3 | 5.6.0-beta3.x |
| php / php | 5.5.6 | 5.5.6.x |
| php / php | 5.6.7 | 5.6.7.x |
| php / php | 5.5.0-rc1 | 5.5.0-rc1.x |
| php / php | 5.5.0-beta4 | 5.5.0-beta4.x |
| php / php | 5.5.3 | 5.5.3.x |
| php / php | 5.5.23 | 5.5.23.x |
| php / php | 5.5.8 | 5.5.8.x |
| php / php | 5.6.0-beta4 | 5.6.0-beta4.x |
| php / php | 5.5.24 | 5.5.24.x |
| php / php | 5.4.39 | 5.4.39.x |
| php / php | 5.5.0-alpha6 | 5.5.0-alpha6.x |
| php / php | 5.5.0-beta2 | 5.5.0-beta2.x |
| php / php | 5.5.11 | 5.5.11.x |
| php / php | 5.5.13 | 5.5.13.x |
| php / php | 5.6.0-alpha2 | 5.6.0-alpha2.x |
| php / php | 5.5.4 | 5.5.4.x |
| php / php | 5.5.0-alpha4 | 5.5.0-alpha4.x |
| php / php | 5.6.0-alpha1 | 5.6.0-alpha1.x |
| php / php | 5.5.10 | 5.5.10.x |
| php / php | 5.6.3 | 5.6.3.x |
| php / php | 5.5.0-alpha5 | 5.5.0-alpha5.x |
| php / php | 5.5.22 | 5.5.22.x |
| php / php | 5.6.8 | 5.6.8.x |
| php / php | 5.5.18 | 5.5.18.x |
| php / php | 5.5.0-alpha2 | 5.5.0-alpha2.x |
| php / php | 5.5.20 | 5.5.20.x |
| php / php | 5.6.0-alpha4 | 5.6.0-alpha4.x |
| php / php | 5.5.2 | 5.5.2.x |
| php / php | 5.5.0-rc2 | 5.5.0-rc2.x |
| php / php | 5.5.9 | 5.5.9.x |
| redhat / enterprise_linux_desktop | 7.0 | 7.0.x |
| redhat / enterprise_linux_workstation | 7.0 | 7.0.x |
| redhat / enterprise_linux_server | 7.0 | 7.0.x |
| redhat / enterprise_linux_hpc_node | 7.0 | 7.0.x |
| redhat / enterprise_linux_server_eus | 7.1 | 7.1.x |
| redhat / enterprise_linux_hpc_node_eus | 7.1 | 7.1.x |
| redhat / enterprise_linux | 7.0 | 7.0.x |
| redhat / enterprise_linux | 6.0 | 6.0.x |