
9 matches found

Tenable Nessus
added 2026/02/25 12:0 a.m. | 5 views

RockyLinux 9 : php (RLSA-2026:2799)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:2799 advisory. php: heap-based buffer overflow in array_merge (CVE-2025-14178); php: PHP: Information disclosure via getimagesize function when reading multi-chunk images...

CVSS 8.2 | AI score 5.8 | EPSS 0.00474
Exploits 3 | References 5
Tenable Nessus
added 2026/02/02 12:0 a.m. | 5 views

RHEL 10 : php (RHSA-2026:1628)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1628 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in...

CVSS 8.2 | AI score 5.8 | EPSS 0.00573
Exploits 4 | References 8
RedHat Linux
added 2026/01/27 5:44 p.m. | 3 views

php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images

A flaw was found in PHP. The getimagesize function may leak uninitialized heap memory when processing images in multi-chunk mode, such as through php://filter. This vulnerability, caused by a bug in php_read_stream_all_chunks that overwrites the buffer without advancing the pointer, allows an attacke...

CVSS 7.5 | AI score 5.8 | EPSS 0.00474
Exploits 3 | References 5
OSV
added 2026/01/09 2:6 p.m. | 3 views

OESA-2026-1021 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVSS 8.2 | AI score 7.1 | EPSS 0.00474
Exploits 3 | References 3
Friends Of PHP
added 2018/09/14 3:26 p.m. | 17 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

I'm afraid this change is wrong. file_exists is not the only...

CVSS 7.5 | AI score 2.9 | EPSS 0.26172
Exploits 7 | Affected Software 1
Friends Of PHP
added 2018/09/14 3:26 p.m. | 19 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

CVSS 9.8 | AI score 9.3 | EPSS 0.26172
Exploits 7 | Affected Software 1
0day.today
added 2015/03/27 12:0 a.m. | 27 views

Berta CMS File Upload Bypass Vulnerability

Exploit for php platform in category web applications. Berta CMS is a web based content management system using PHP and local file storage. http://www.berta.me/ Due to use of a 3rd party Berta CMS website to redirect links within a phishing email brought to our attention, we checked the file upload...

AI score 7.1
Exploits 0
RedHat Linux
added 2005/05/04 3:9 p.m. | 5 views

security flaw

The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to...

CVSS 5 | AI score 5.8 | EPSS 0.02808
Exploits 1 | References 4
RedHat Linux
added 2005/05/04 3:9 p.m. | 6 views

security flaw

The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value...

CVSS 5 | AI score 5.9 | EPSS 0.03453
Exploits 0 | References 4