41 matches found
SUSE CVE-2011-1464
Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service application crash via a small numerical value in the argument...
PHP 安全漏洞
PHP is a scripting language in which PHP is executed server-side. PHP has a security vulnerability. An attacker exploiting the vulnerability can read or change data...
CVE-2022-41538
Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photosadd.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-30459
ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simplechatbot/classes/Master.php?f=deleteresponse, id...
The vulnerability of the imagetruecolortopalette function in the PHP programming language allows a perpetrator to trigger a service failure or potentially cause other effects.
The vulnerability of the imagetruecolortopalette function ext/gd/gd.c in the PHP programming language is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability may allow a remote attacker to cause a service failure or potentially have other adverse effects...
UBUNTU-CVE-2021-21705
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filtervar function with FILTERVALIDATEURL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and...
PHP Null Pointer Dereference Vulnerability
PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. The language is mainly used for Web development, supports a variety of databases and operating systems. A nu...
gd: Information disclosure in gdImageCreateFromXbm()
When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...
Command Execution Vulnerability in DouPHP BLOG
DouPHPBLOG1.5 is a lightweight enterprise website management system, based on PHP+Mysql architecture, running on Linux, Windows, MacOSX, Solaris and other platforms. DouPHPBLOG1.5 suffers from a code execution vulnerability that can be exploited by an attacker to gain control of the server...
SemCMS foreign trade website php version we***.php file has SQL injection vulnerability
SemCms is a set of open source foreign trade enterprise website management system, mainly used for foreign trade enterprises, compatible with IE, Firefox , google, 360 and other mainstream browsers.SemCms php version written in php language, combined with apache, in window, or linux system to run...
PHP 'gd_gif_in.c' Memory Corruption Vulnerability
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A memory corruption vulnerability exists in PHP 'gdgifin.c'. An attacker could exploit this vulnerability to achieve a denial of service or caus...
PHP 'wddx.c' Null Pointer Reference Denial of Service Vulnerability
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...
PHP wddx module release re-reference vulnerability
PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A heap block release dereference vulnerability exists in the phpwddxpushelement function of the PHP wddx module, which could allow a remote attacker to execute arbitrary co...
UBUNTU-CVE-2016-7416
ext/intl/msgformat/msgformatformat.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via ...
PHP 'mbc_to_code()' Function Stack Buffer Overflow Vulnerability
PHP is an open source general-purpose computer scripting language. A stack buffer overflow vulnerability exists in the PHP 'mbctocode' Function, which allows an attacker to exploit the vulnerability to execute arbitrary code in the context of an affected application, or a failed attack will resul...
PHP: sets environmental variable based on user supplied Proxy request header
It was discovered that PHP did not properly protect against the HTTPPROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request...
UBUNTU-CVE-2016-6297
Integer overflow in the phpstreamzipopener function in ext/zip/zipstream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service stack-based buffer overflow or possibly have unspecified other impact via a crafted zip:// URL...
The vulnerability of the PHP interpreter allows a remote attacker to gain access to memory areas beyond the application’s boundaries, or cause the application to terminate abnormally.
The vulnerability of the PHP interpreter in the mconvert function located in the Fileinfo component’s script, softmagic.c causes an error in the pointer to the field that stores the length of the string under certain copy scenarios. As a result, a malicious actor can gain access to memory areas...
UBUNTU-CVE-2015-8879
The odbcbindcols function in ext/odbc/phpodbc.c in PHP before 5.6.12 mishandles driver behavior for SQLWVARCHAR columns, which allows remote attackers to cause a denial of service application crash in opportunistic circumstances by leveraging use of the odbcfetcharray function to access a certain...
PHP GD Component Denial of Service Vulnerability
PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community.GD is one of the graphical extensions library component. A denial of service vulnerability exists in the GD componen...