Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2006-5465

Published: 04/11/2006 Updated: 30/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Php

Vulnerability Summary

Buffer overflow in PHP prior to 5.2.0 allows remote malicious users to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.

Vulnerable Product Search on Vulmon Subscribe to Product

php php 5.0.0

php php 5.0

php php 5.0.1

php php 5.0.2

php php 5.1.0

php php 5.1.1

php php 5.0.5

php php 5.1.4

php php 5.1.5

php php

php php 5.0.3

php php 5.0.4

php php 5.1.2

php php 5.1.3

Vendor Advisories

Ubuntu Security Notice: php5 vulnerability
Stefan Esser discovered two buffer overflows in the htmlentities() and htmlspecialchars() functions By supplying specially crafted input to PHP applications which process that input with these functions, a remote attacker could potentially exploit this to execute arbitrary code with the privileges of the application (CVE-2006-5465) ...
Debian CVElist Bug Report Logs: CVE-2007-6039: possible DoS
Debian Bug report logs - #453295 CVE-2007-6039: possible DoS Package: php5-common; Maintainer for php5-common is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5-common is src:php5 (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@skolelinuxde> Date: Wed, 28 Nov 2007 12 ...
Debian CVElist Bug Report Logs: CVE-2006-5465: PHP "htmlentities()" and "htmlspecialchars()" Buffer Overflows
Debian Bug report logs - #396764 CVE-2006-5465: PHP "htmlentities()" and "htmlspecialchars()" Buffer Overflows Package: php4; Maintainer for php4 is (unknown); Reported by: Stefan Fritsch <sf@sfritschde> Date: Thu, 2 Nov 2006 20:03:14 UTC Severity: critical Tags: patch, security Fixed in version php4/4:444-4 Done: se ...
Debian Security Advisories: DSA-1206-1 php4 -- several vulnerabilities
Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3353 Tim Starling discovered that missing input sanitising in the EXIF module could lead ...

References

NVD-CWE-Otherhttp://www.php.net/releases/5_2_0.phphttp://www.ubuntu.com/usn/usn-375-1http://www.hardened-php.net/advisory_132006.138.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0730.htmlhttp://www.securityfocus.com/bid/20879http://securitytracker.com/id?1017152http://secunia.com/advisories/22653http://secunia.com/advisories/22688http://www.debian.org/security/2006/dsa-1206http://www.mandriva.com/security/advisories?name=MDKSA-2006:196http://secunia.com/advisories/22693http://secunia.com/advisories/22753http://secunia.com/advisories/22713http://issues.rpath.com/browse/RPL-761http://secunia.com/advisories/22759ftp://patches.sgi.com/support/free/security/advisories/20061101-01-Phttp://www.novell.com/linux/security/advisories/2006_67_php.htmlhttp://secunia.com/advisories/22929http://docs.info.apple.com/article.html?artnum=304829http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.htmlhttp://www.us-cert.gov/cas/techalerts/TA06-333A.htmlhttp://securitytracker.com/id?1017296http://secunia.com/advisories/23139http://secunia.com/advisories/23155http://rhn.redhat.com/errata/RHSA-2006-0736.htmlhttp://secunia.com/advisories/23247http://support.avaya.com/elmodocs2/security/ASA-2006-245.htmhttp://security.gentoo.org/glsa/glsa-200703-21.xmlhttp://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0731.htmlhttp://www.trustix.org/errata/2006/0061/http://www.turbolinux.com/security/2006/TLSA-2006-38.txthttp://secunia.com/advisories/22685http://secunia.com/advisories/22779http://secunia.com/advisories/22881http://secunia.com/advisories/24606http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtmlhttp://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.htmlhttp://secunia.com/advisories/25047http://www.vupen.com/english/advisories/2006/4317http://www.vupen.com/english/advisories/2007/1546http://www.vupen.com/english/advisories/2006/4749http://www.vupen.com/english/advisories/2006/4750https://exchange.xforce.ibmcloud.com/vulnerabilities/29971https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10240http://www.securityfocus.com/archive/1/453024/100/0/threadedhttp://www.securityfocus.com/archive/1/451098/100/0/threadedhttp://www.securityfocus.com/archive/1/450431/100/0/threadedhttps://usn.ubuntu.com/375-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651CVE-2024-34255elevation of privilegeCVE-2024-25529CVE-2024-4671NULL pointer dereferenceCVE-2024-25527template injectionCVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook