Lucene search
K

41 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.4 views

SUSE CVE-2011-1464

Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service application crash via a small numerical value in the argument...

4.3CVSS7AI score0.02801EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/01/05 12:0 a.m.3 views

PHP 安全漏洞

PHP is a scripting language in which PHP is executed server-side. PHP has a security vulnerability. An attacker exploiting the vulnerability can read or change data...

9.1CVSS7.4AI score0.02134EPSS
Exploits0References8
OSV
OSV
added 2022/10/14 5:15 a.m.3 views

CVE-2022-41538

Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photosadd.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

8.8CVSS6AI score0.00955EPSS
Exploits1References1
OSV
OSV
added 2022/05/24 2:15 p.m.9 views

CVE-2022-30459

ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simplechatbot/classes/Master.php?f=deleteresponse, id...

8.8CVSS5.8AI score0.00921EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2022/04/20 12:0 a.m.8 views

The vulnerability of the imagetruecolortopalette function in the PHP programming language allows a perpetrator to trigger a service failure or potentially cause other effects.

The vulnerability of the imagetruecolortopalette function ext/gd/gd.c in the PHP programming language is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability may allow a remote attacker to cause a service failure or potentially have other adverse effects...

10CVSS7.8AI score0.08819EPSS
Exploits1References12Affected Software2
OSV
OSV
added 2021/07/02 12:0 a.m.3 views

UBUNTU-CVE-2021-21705

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filtervar function with FILTERVALIDATEURL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and...

5.3CVSS6.8AI score0.01945EPSS
Exploits1References4
CNVD
CNVD
added 2020/02/28 12:0 a.m.2 views

PHP Null Pointer Dereference Vulnerability

PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. The language is mainly used for Web development, supports a variety of databases and operating systems. A nu...

7.5CVSS9.1AI score0.0351EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2019/08/19 8:42 a.m.4 views

gd: Information disclosure in gdImageCreateFromXbm()

When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...

5.3CVSS7AI score0.04332EPSS
Exploits1References4
CNVD
CNVD
added 2019/08/02 12:0 a.m.3 views

Command Execution Vulnerability in DouPHP BLOG

DouPHPBLOG1.5 is a lightweight enterprise website management system, based on PHP+Mysql architecture, running on Linux, Windows, MacOSX, Solaris and other platforms. DouPHPBLOG1.5 suffers from a code execution vulnerability that can be exploited by an attacker to gain control of the server...

7.8AI score
Exploits0
CNVD
CNVD
added 2018/09/30 12:0 a.m.3 views

SemCMS foreign trade website php version we***.php file has SQL injection vulnerability

SemCms is a set of open source foreign trade enterprise website management system, mainly used for foreign trade enterprises, compatible with IE, Firefox , google, 360 and other mainstream browsers.SemCms php version written in php language, combined with apache, in window, or linux system to run...

7.5AI score
Exploits0
CNVD
CNVD
added 2017/07/12 12:0 a.m.2 views

PHP 'gd_gif_in.c' Memory Corruption Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A memory corruption vulnerability exists in PHP 'gdgifin.c'. An attacker could exploit this vulnerability to achieve a denial of service or caus...

6.5CVSS6.8AI score0.03418EPSS
Exploits0References1
CNVD
CNVD
added 2017/01/25 12:0 a.m.2 views

PHP 'wddx.c' Null Pointer Reference Denial of Service Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...

6.6AI score
Exploits0References1
CNVD
CNVD
added 2016/09/18 12:0 a.m.5 views

PHP wddx module release re-reference vulnerability

PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A heap block release dereference vulnerability exists in the phpwddxpushelement function of the PHP wddx module, which could allow a remote attacker to execute arbitrary co...

9.8CVSS8.8AI score0.06654EPSS
Exploits1References1
OSV
OSV
added 2016/09/17 12:0 a.m.2 views

UBUNTU-CVE-2016-7416

ext/intl/msgformat/msgformatformat.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via ...

7.5CVSS7.2AI score0.06672EPSS
Exploits1References6
CNVD
CNVD
added 2016/08/30 12:0 a.m.3 views

PHP 'mbc_to_code()' Function Stack Buffer Overflow Vulnerability

PHP is an open source general-purpose computer scripting language. A stack buffer overflow vulnerability exists in the PHP 'mbctocode' Function, which allows an attacker to exploit the vulnerability to execute arbitrary code in the context of an affected application, or a failed attack will resul...

7.7AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/08/11 9:52 p.m.5 views

PHP: sets environmental variable based on user supplied Proxy request header

It was discovered that PHP did not properly protect against the HTTPPROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request...

8.1CVSS6.8AI score0.50427EPSS
Exploits0References4
OSV
OSV
added 2016/07/25 12:0 a.m.4 views

UBUNTU-CVE-2016-6297

Integer overflow in the phpstreamzipopener function in ext/zip/zipstream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service stack-based buffer overflow or possibly have unspecified other impact via a crafted zip:// URL...

8.8CVSS7.5AI score0.05265EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.6 views

The vulnerability of the PHP interpreter allows a remote attacker to gain access to memory areas beyond the application’s boundaries, or cause the application to terminate abnormally.

The vulnerability of the PHP interpreter in the mconvert function located in the Fileinfo component’s script, softmagic.c causes an error in the pointer to the field that stores the length of the string under certain copy scenarios. As a result, a malicious actor can gain access to memory areas...

5CVSS6.7AI score0.0545EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2016/05/22 1:59 a.m.6 views

UBUNTU-CVE-2015-8879

The odbcbindcols function in ext/odbc/phpodbc.c in PHP before 5.6.12 mishandles driver behavior for SQLWVARCHAR columns, which allows remote attackers to cause a denial of service application crash in opportunistic circumstances by leveraging use of the odbcfetcharray function to access a certain...

7.5CVSS7.3AI score0.03419EPSS
Exploits1References3
CNVD
CNVD
added 2016/05/17 12:0 a.m.4 views

PHP GD Component Denial of Service Vulnerability

PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community.GD is one of the graphical extensions library component. A denial of service vulnerability exists in the GD componen...

7.5CVSS8.3AI score0.08276EPSS
Exploits1References1
Rows per page
Query Builder