Lucene search

K

Php Security Vulnerabilities

cve
cve

CVE-2014-4698

Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting...

7AI Score

0.003EPSS

2014-07-10 11:06 AM
43
cve
cve

CVE-2014-3515

The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related....

9.4AI Score

0.814EPSS

2014-07-09 11:07 AM
247
3
cve
cve

CVE-2014-3487

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF...

6.2AI Score

0.016EPSS

2014-07-09 11:07 AM
128
cve
cve

CVE-2014-3478

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING...

6.6AI Score

0.157EPSS

2014-07-09 11:07 AM
141
cve
cve

CVE-2014-3480

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF...

6.4AI Score

0.007EPSS

2014-07-09 11:07 AM
137
cve
cve

CVE-2014-0207

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF...

6.3AI Score

0.009EPSS

2014-07-09 11:07 AM
139
2
cve
cve

CVE-2014-3479

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a...

6.3AI Score

0.007EPSS

2014-07-09 11:07 AM
159
cve
cve

CVE-2014-4721

The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from...

5.7AI Score

0.007EPSS

2014-07-06 11:55 PM
219
cve
cve

CVE-2014-3538

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an...

9.1AI Score

0.018EPSS

2014-07-03 02:55 PM
127
2
cve
cve

CVE-2014-4049

Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record...

9.7AI Score

0.948EPSS

2014-06-18 07:55 PM
112
4
cve
cve

CVE-2014-3981

acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck...

5.9AI Score

0.0005EPSS

2014-06-08 06:55 PM
88
cve
cve

CVE-2014-3934

SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to...

9.4AI Score

0.001EPSS

2014-06-02 02:55 PM
20
cve
cve

CVE-2014-0237

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf...

6.6AI Score

0.043EPSS

2014-06-01 04:29 AM
164
cve
cve

CVE-2014-0238

The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too...

6.6AI Score

0.098EPSS

2014-06-01 04:29 AM
154
cve
cve

CVE-2014-0185

sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI...

6.1AI Score

0.0004EPSS

2014-05-06 10:44 AM
73
2
cve
cve

CVE-2013-1803

Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) parameter name starting...

8.2AI Score

0.005EPSS

2014-05-05 05:06 PM
31
cve
cve

CVE-2013-7375

SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than...

8.5AI Score

0.003EPSS

2014-05-05 05:06 PM
35
cve
cve

CVE-2013-1807

PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in...

6.4AI Score

0.009EPSS

2014-04-30 11:58 PM
20
cve
cve

CVE-2013-1806

Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files via the (2) enable.....

7.1AI Score

0.012EPSS

2014-04-30 11:58 PM
22
cve
cve

CVE-2013-1804

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permissions to inject arbitrary web script or HTML via.....

5.5AI Score

0.001EPSS

2014-04-29 08:55 PM
30
cve
cve

CVE-2013-7345

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of.....

6.1AI Score

0.004EPSS

2014-03-24 04:31 PM
59
cve
cve

CVE-2014-2497

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM...

8.8AI Score

0.01EPSS

2014-03-21 02:55 PM
123
2
cve
cve

CVE-2014-2270

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE...

6.2AI Score

0.959EPSS

2014-03-14 03:55 PM
64
2
cve
cve

CVE-2014-1943

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a...

6.1AI Score

0.058EPSS

2014-02-18 07:55 PM
63
cve
cve

CVE-2013-7328

Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a...

6.5AI Score

0.008EPSS

2014-02-18 11:55 AM
32
cve
cve

CVE-2014-2020

ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a....

6AI Score

0.003EPSS

2014-02-18 11:55 AM
41
cve
cve

CVE-2013-7327

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return...

7.3AI Score

0.006EPSS

2014-02-18 11:55 AM
36
cve
cve

CVE-2013-7226

Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer...

7.7AI Score

0.048EPSS

2014-02-18 11:55 AM
34
cve
cve

CVE-2012-1171

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream...

6.8AI Score

0.003EPSS

2014-02-15 02:57 PM
111
cve
cve

CVE-2013-6420

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service.....

9.6AI Score

0.95EPSS

2013-12-17 04:46 AM
171
cve
cve

CVE-2013-6712

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval...

6.3AI Score

0.59EPSS

2013-11-28 04:37 AM
77
cve
cve

CVE-2013-1824

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and...

6.4AI Score

0.002EPSS

2013-09-16 01:02 PM
87
2
cve
cve

CVE-2013-4701

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity...

6.8AI Score

0.006EPSS

2013-08-21 04:55 PM
30
cve
cve

CVE-2013-4248

The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL...

8.5AI Score

0.029EPSS

2013-08-18 02:52 AM
123
cve
cve

CVE-2011-4718

Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session...

9.1AI Score

0.006EPSS

2013-08-13 03:04 PM
124
cve
cve

CVE-2013-4113

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct...

7.4AI Score

0.614EPSS

2013-07-13 01:10 PM
189
2
cve
cve

CVE-2013-4635

Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish...

6.3AI Score

0.032EPSS

2013-06-21 09:55 PM
186
cve
cve

CVE-2013-4636

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo...

6.6AI Score

0.002EPSS

2013-06-21 09:55 PM
44
cve
cve

CVE-2013-2110

Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the...

7.6AI Score

0.055EPSS

2013-06-21 08:55 PM
246
cve
cve

CVE-2013-3735

The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an...

6.7AI Score

0.001EPSS

2013-05-31 09:55 PM
33
cve
cve

CVE-2013-1635

ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an.....

6.5AI Score

0.018EPSS

2013-03-06 01:10 PM
167
cve
cve

CVE-2013-1643

The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and...

6.6AI Score

0.003EPSS

2013-03-06 01:10 PM
120
cve
cve

CVE-2012-6113

The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input...

6AI Score

0.005EPSS

2013-01-19 09:55 PM
64
cve
cve

CVE-2012-6043

Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id...

6AI Score

0.002EPSS

2012-11-26 10:55 PM
25
cve
cve

CVE-2011-5238

google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid...

7.3AI Score

0.001EPSS

2012-11-06 12:21 PM
18
cve
cve

CVE-2011-5220

Cross-site scripting (XSS) vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to...

6.3AI Score

0.003EPSS

2012-10-25 05:55 PM
20
cve
cve

CVE-2012-5381

Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP directory, which may be added to the PATH system environment variable by an...

6.9AI Score

0.0004EPSS

2012-10-11 10:51 AM
25
cve
cve

CVE-2012-5098

Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3) t parameter to...

9.5AI Score

0.001EPSS

2012-09-23 05:55 PM
24
cve
cve

CVE-2012-4388

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to...

6.4AI Score

0.002EPSS

2012-09-07 10:55 PM
37
cve
cve

CVE-2011-1398

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction...

6.2AI Score

0.013EPSS

2012-08-30 10:55 PM
103
Total number of security vulnerabilities1054