7 matches found

RedhatCVE
added 2025/05/22 1:52 a.m., 8 views

CVE-2016-7398

A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...

CVSS 9.8, AI score 7.8, EPSS 0.05723
Exploits: 1, References: 1
Cvelist
added 2025/05/14 3:5 p.m., 17 views

CVE-2025-24785 iTop dashboard vulnerable to denial of service

iTop is a web-based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking the provided layoutclass before saving th...

CVSS 4.3, EPSS 0.00247
Exploits: 0, References: 1
Tenable Nessus
added 2021/07/07 12:0 a.m., 51 views

PHP 7.3.x < 7.3.29 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.3.x prior to 7.3.29, 7.4.x prior to 7.4.21, or 8.x prior to 8.0.8. It is, therefore, affected by multiple vulnerabilities: - Server-Side Request Forgery (SSRF) bypass in FILTER_VALIDATE_URL...

CVSS 5.9, AI score 6.3, EPSS 0.00294
Exploits: 2, References: 3
Hacker One
added 2020/01/23 7:47 a.m., 22 views

Internet Bug Bounty: Out-of-bounds Read in php_strip_tags_ex

The bug submitted at: https://bugs.php.net/bug.php?id=79156
The fix committed at: https://github.com/php/php-src/commit/2dc170e25d86a725fefd4c08f2bd8378820b28f5
Impact: Attackers can exploit this issue to obtain sensitive information or crash PHP remotely...

AI score 6.6
Exploits: 0
OSV
added 2017/07/10 12:0 a.m., 0 views

UBUNTU-CVE-2017-11143

In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c...

CVSS 7.5, AI score 7.1, EPSS 0.09817
Exploits: 0, References: 6
RedHat Linux
added 2014/10/30 7:45 p.m., 1 views

file: out-of-bounds read in elf note headers

An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file...

CVSS 5, AI score 7.2, EPSS 0.08075
Exploits: 0, References: 4
OSV
added 2012/02/02 12:0 a.m., 15 views

DSA-2403-1 php5 - code injection

Bulletin has no description...

CVSS 7.5, AI score 6.4, EPSS 0.25931
Exploits: 16