Lucene search
K

48 matches found

CVE
CVE
added 2016/09/12 1:0 a.m.216 views

CVE-2016-7132

CVE-2016-7132 affects PHP’s WDDX extension: ext/wddx/wddx.c mishandles a crafted wddxPacket XML document in wddx_deserialize, allowing denial of service via NULL pointer dereference and potential other impact. Affected versions are PHP before 5.6.25 and before 7.0.10; fixed in PHP 5.6.25 and PHP ...

7.5CVSS7.9AI score0.0883EPSS
Exploits1References11Affected Software1
CVE
CVE
added 2016/09/12 1:0 a.m.203 views

CVE-2016-7131

CVE-2016-7131 affects the WDDX extension in PHP (ext/wddx/wddx.c). When a wddx_deserialize call processes a malformed wddxPacket XML document, exemplified by a tag lacking a

7.5CVSS7.7AI score0.0883EPSS
Exploits1References11Affected Software1
UbuntuCve
UbuntuCve
added 2016/09/11 12:0 a.m.34 views

CVE-2016-7131

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddxdeserialize call, as...

7.5CVSS7.1AI score0.0883EPSS
Exploits1References5
OSV
OSV
added 2016/09/11 12:0 a.m.3 views

UBUNTU-CVE-2016-7129

The phpwddxprocessdata function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service segmentation fault or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddxdeserialize call that...

9.8CVSS7.2AI score0.06842EPSS
Exploits1References6
NVD
NVD
added 2015/04/13 2:59 p.m.22 views

CVE-2014-9714

Cross-site scripting XSS vulnerability in the WddxPacket::recursiveAddVar function in HHVM aka the HipHop Virtual Machine before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddxserializevalue function...

4.3CVSS5.6AI score0.02155EPSS
Exploits1References7
Prion
Prion
added 2015/04/13 2:59 p.m.24 views

Cross site scripting

Cross-site scripting XSS vulnerability in the WddxPacket::recursiveAddVar function in HHVM aka the HipHop Virtual Machine before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddxserializevalue function...

4.3CVSS6.1AI score0.02155EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2015/04/13 2:0 p.m.26 views

CVE-2014-9714

Cross-site scripting XSS vulnerability in the WddxPacket::recursiveAddVar function in HHVM aka the HipHop Virtual Machine before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddxserializevalue function...

5.6AI score0.02155EPSS
Exploits1References7
Prion
Prion
added 2007/02/13 11:28 p.m.23 views

Design/Logic Flaw

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the keylength variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name befo...

5CVSS6.1AI score0.11752EPSS
Exploits0References43Affected Software2
Rows per page
Query Builder