241 matches found

OSV
added 2016/05/16 12:0 a.m. · 1 views

UBUNTU-CVE-2015-8873

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls...

CVSS 7.5 · AI score 7.2 · EPSS 0.03881
Exploits: 1 · References: 4

CNVD
added 2016/04/26 12:0 a.m. · 2 views

PHP integer overflow vulnerability (CNVD-2016-02715)

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. An integer overflow vulnerability exists in PHP, which can be exploited by remote attackers to cause a denial of service crash...

CVSS 7.5 · AI score 8.4 · EPSS 0.05719
Exploits: 1 · References: 1

BDU FSTEC
added 2016/04/14 12:0 a.m. · 4 views

The vulnerability of the PHP interpreter, which allows attackers to trigger a service failure or exert other effects.

The vulnerability of the wddx.c function in the PHP WDDX interpreter is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause service failure or potentially other effects, such as memory corruption or the termination of the application,...

CVSS 10 · AI score 7.6 · EPSS 0.35438
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2015/10/16 1:59 a.m. · 2 views

UBUNTU-CVE-2015-5660

Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code...

CVSS 6.8 · AI score 6 · EPSS 0.01014
Exploits: 0 · References: 5

CNVD
added 2015/09/22 12:0 a.m. · 5 views

PHP 'php_var_unserialize()' function code execution vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A code execution vulnerability exists in PHP. An attacker could exploit this vulnerability to execute arbitrary code, which could also result in...

CVSS 9.8 · AI score 8.8 · EPSS 0.36992
Exploits: 3 · References: 1

CNVD
added 2015/09/22 12:0 a.m. · 1 views

PHP 'valuePop()' Function Denial of Service Vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A denial of service vulnerability exists in PHP. An attacker could exploit this vulnerability to cause a denial of service...

CVSS 7.5 · AI score 8.2 · EPSS 0.06574
Exploits: 0 · References: 1

CNVD
added 2015/09/18 12:0 a.m. · 1 views

PHP PCRE extension has multiple vulnerabilities

PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. PHP suffers from a heap buffer overflow and denial of service vulnerability in the PCRE extension, which can be exploited by an attacker to cause an applicatio...

AI score 7
Exploits: 0 · References: 1

CNVD
added 2015/07/24 12:0 a.m. · 2 views

PHP Remote Denial of Service Vulnerability

PHP (full name: PHP: Hypertext Preprocessor; Chinese name: "Hypertext Preprocessor") is a general-purpose open source scripting language. PHP has a remote denial of service vulnerability that can be exploited by attackers to crash an application and deny service to legitimate users...

CVSS 10 · AI score 8.3 · EPSS 0.06303
Exploits: 0 · References: 1

RedHat Linux
added 2015/07/09 5:1 p.m. · 3 views

php: Double-free in zend_ts_hash_graceful_destroy()

A double free flaw was found in the zend_ts_hash_graceful_destroy() function in the PHP ZTS module. This flaw could possibly cause a PHP application to crash...

CVSS 7.5 · AI score 6.7 · EPSS 0.03664
Exploits: 0 · References: 4

CNVD
added 2015/03/12 12:0 a.m. · 2 views

Zeuscart Information Disclosure Vulnerability

ZeusCart is an open source shopping system based on PHP and MySQL designed for small and medium-sized online stores. A security vulnerability exists in ZeusCart version 4. A remote attacker can exploit the vulnerability to obtain configuration information by calling the 'phpinfo' function in admi...

CVSS 5 · AI score 6.8 · EPSS 0.08399
Exploits: 1 · References: 1

OSV
added 2014/12/20 12:0 a.m. · 2 views

UBUNTU-CVE-2014-8142

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys...

CVSS 7.5 · AI score 7.1 · EPSS 0.53166
Exploits: 8 · References: 3

RedHat Linux
added 2014/10/30 7:45 p.m. · 4 views

php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()

An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash...

CVSS 5 · AI score 7.3 · EPSS 0.27018
Exploits: 1 · References: 4

RedHat Linux
added 2014/09/30 5:14 a.m. · 5 views

php: ArrayIterator use-after-free due to object change during sorting

A use-after-free flaw was found in the way PHP handled certain ArrayIterators. A malicious script author could possibly use this flaw to disclose certain portions of server memory...

CVSS 4.6 · AI score 7.1 · EPSS 0.00681
Exploits: 0 · References: 4

Japan Vulnerability Notes
added 2014/01/24 3:36 a.m. · 4 views

OpenPNE vulnerable to PHP Object Injection

Overview: OpenPNE contains an issue in processing Cookie headers, which may result in a PHP Object Injection vulnerability. Egidio Romano of Secunia reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A remote,...

CVSS 7.5 · AI score 7.3 · EPSS 0.01527
Exploits: 2 · References: 7

RedHat Linux
added 2012/01/18 6:38 p.m. · 3 views

php: hash table collisions CPU usage DoS (oCERT-2011-003)

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters...

CVSS 5 · AI score 7.5 · EPSS 0.83911
Exploits: 15 · References: 4

RedHat Linux
added 2011/10/17 9:49 p.m. · 4 views

crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash

crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...

CVSS 5 · AI score 5.8 · EPSS 0.04972
Exploits: 0 · References: 5

RedHat Linux
added 2009/04/06 4:45 p.m. · 2 views

php: FastCGI module DoS via multiple dots preceding the extension

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php...

CVSS 5 · AI score 7.2 · EPSS 0.03346
Exploits: 1 · References: 4

securityvulns
added 2007/06/12 12:0 a.m. · 191 views

PHP parse_str() arbitrary variable overwrite

Title: PHP parse_str() arbitrary variable overwrite · Vendor: http://www.php.net/ · Advisory: http://www.acid-root.new.fr/advisories/14070612.txt · Author: DarkFig gmdarkfig at gmail dot com · Written on: 2007/06/12 · Released on: 2007/06/12 · Risk level: Medium / High · I. BACKGROUND Quote from php.net PHP is a...

Exploits: 0

Positive Technologies
added 2007/05/24 12:0 a.m. · 4 views

PT-2007-4161 · Abc · Abc Excel Parser Pro

Name of the Vulnerable Software and Affected Versions: ABC Excel Parser Pro version 4.0 Description: A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the parser path parameter. Recommendations: For ABC Excel Parser Pro version 4.0, consider restricting...

CVSS 7.5 · AI score 7.2 · EPSS 0.03074
Exploits: 0 · References: 8

RedHat Linux
added 2007/02/21 12:42 p.m. · 1 views

security flaw

Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors...

CVSS 10 · AI score 5.8 · EPSS 0.03274
Exploits: 0 · References: 4