Lucene search
K

48 matches found

Tenable Nessus
Tenable Nessus
added 2016/11/18 12:0 a.m.307 views

PHP 5.6.x < 5.6.28 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.28. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the parseurl function due to returning the incorrect host. An unauthenticated, remote attacker can exploit this to hav...

7.5CVSS8.9AI score0.42401EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2016/11/15 11:40 a.m.4 views

php: wddx_deserialize null dereference in php_wddx_pop_element

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddxdeserialize call, as...

7.5CVSS7.4AI score0.0883EPSS
Exploits1References4
Ubuntu
Ubuntu
added 2016/10/04 5:18 p.m.98 views

USN-3095-1: PHP vulnerabilities

Taoguang Chen discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-7124 Taoguang Chen discovered that PHP incorrectly...

9.8CVSS7.8AI score0.16482EPSS
Exploits17
RedhatCVE
RedhatCVE
added 2016/09/19 12:48 p.m.40 views

CVE-2016-7413

Use-after-free vulnerability in the wddxstackdestroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field...

9.8CVSS6.7AI score0.06654EPSS
Exploits1References1
OSV
OSV
added 2016/09/17 9:59 p.m.17 views

CVE-2016-7418

The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service invalid pointer access and out-of-bounds read or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document,...

7.5CVSS9AI score
Exploits0References10
NVD
NVD
added 2016/09/17 9:59 p.m.29 views

CVE-2016-7418

The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service invalid pointer access and out-of-bounds read or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document,...

7.5CVSS9.2AI score0.11402EPSS
Exploits1References10
Prion
Prion
added 2016/09/17 9:59 p.m.32 views

Design/Logic Flaw

The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service invalid pointer access and out-of-bounds read or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document,...

5CVSS7.9AI score0.11402EPSS
Exploits1References10Affected Software1
Cvelist
Cvelist
added 2016/09/17 9:0 p.m.31 views

CVE-2016-7418

The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service invalid pointer access and out-of-bounds read or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document,...

9.2AI score0.11402EPSS
Exploits1References10
CVE
CVE
added 2016/09/17 9:0 p.m.309 views

CVE-2016-7413

CVE-2016-7413 is a Use-After-Free vulnerability in PHP’s WDDX deserialization path. The issue resides in wddx_stack_destroy in ext/wddx/wddx.c and can be triggered by a wddxPacket XML document that lacks an end-tag for a recordset field, leading to denial of service or potentially other impact. A...

9.8CVSS8.4AI score0.06654EPSS
Exploits1References10Affected Software1
Debian CVE
Debian CVE
added 2016/09/17 9:0 p.m.40 views

CVE-2016-7413

Removed by vendor...

9.8CVSS8.7AI score0.06654EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2016/09/17 9:0 p.m.57 views

CVE-2016-7413

Use-after-free vulnerability in the wddxstackdestroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field...

9.8CVSS9.3AI score0.06654EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2016/09/17 9:0 p.m.47 views

CVE-2016-7418

The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service invalid pointer access and out-of-bounds read or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document,...

7.5CVSS9.3AI score0.11402EPSS
Exploits1
NVD
NVD
added 2016/09/12 1:59 a.m.38 views

CVE-2016-7132

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddxdeserialize call, as...

7.5CVSS9AI score0.0883EPSS
Exploits1References11
OSV
OSV
added 2016/09/12 1:59 a.m.17 views

CVE-2016-7132

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddxdeserialize call, as...

7.5CVSS9.1AI score
Exploits0References11
OSV
OSV
added 2016/09/12 1:59 a.m.16 views

CVE-2016-7130

The phpwddxpopelement function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a...

7.5CVSS9.1AI score
Exploits0References10
NVD
NVD
added 2016/09/12 1:59 a.m.28 views

CVE-2016-7130

The phpwddxpopelement function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a...

7.5CVSS9AI score0.06672EPSS
Exploits1References10
Prion
Prion
added 2016/09/12 1:59 a.m.26 views

Code injection

The phpwddxprocessdata function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service segmentation fault or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddxdeserialize call that...

7.5CVSS8AI score0.06842EPSS
Exploits1References10Affected Software1
Cvelist
Cvelist
added 2016/09/12 1:0 a.m.39 views

CVE-2016-7130

The phpwddxpopelement function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a...

9.1AI score0.06672EPSS
Exploits1References10
CVE
CVE
added 2016/09/12 1:0 a.m.203 views

CVE-2016-7131

CVE-2016-7131 affects the WDDX extension in PHP (ext/wddx/wddx.c). When a wddx_deserialize call processes a malformed wddxPacket XML document, exemplified by a tag lacking a

7.5CVSS7.7AI score0.0883EPSS
Exploits1References11Affected Software1
CVE
CVE
added 2016/09/12 1:0 a.m.218 views

CVE-2016-7132

CVE-2016-7132 affects PHP’s WDDX extension: ext/wddx/wddx.c mishandles a crafted wddxPacket XML document in wddx_deserialize, allowing denial of service via NULL pointer dereference and potential other impact. Affected versions are PHP before 5.6.25 and before 7.0.10; fixed in PHP 5.6.25 and PHP ...

7.5CVSS7.9AI score0.0883EPSS
Exploits1References11Affected Software1
Rows per page
Query Builder