21 matches found

Veracode
added 2019/05/16 2:59 a.m., 38 views

Denial Of Service (DoS)

PHP is vulnerable to denial of service (DoS) attacks. This occurs in the phar_parse_pharfile function in ext/phar/phar.c, which allows remote attackers to cause memory consumption or an application crash via a truncated manifest entry in a PHAR archive...

7.5 CVSS, 8.1 AI score, 0.14189 EPSS
Exploits 0, References 13, Affected Software 1

Tenable Nessus
added 2019/03/13 12:0 a.m., 1323 views

PHP 7.0.x < 7.0.33 Multiple vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.33. It is, therefore, affected by multiple vulnerabilities: - An arbitrary command injection vulnerability exists in the imap_open function due to improper filters for mailbox names prior to passing...

8.5 CVSS, 7.6 AI score, 0.93869 EPSS
Exploits 7, References 3

Tenable Nessus
added 2019/01/31 12:0 a.m., 71 views

PHP 7.2.x < 7.2.13 Multiple vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.39, 7.0.x prior to 7.0.33, 7.1.x prior to 7.1.25, 7.2.x prior to 7.2.13 or 7.3.x prior to 7.3.0. It is, therefore, affected by multiple vulnerabilities: - An arbitrary command injection vulnerabilit...

8.5 CVSS, 8 AI score, 0.93869 EPSS
Exploits 8, References 4

Hacker One
added 2019/01/09 10:3 p.m., 56 views

Internet Bug Bounty: Heap Buffer Overflow (READ: 4) in phar_parse_pharfile

Phar files with HALTCOMPILER; in unexpected places can lead to a buffer overrun. This is something I found while fuzzing with AFL using an ASAN instrumented PHP. The issue can be observed by disabling the ZEND allocator and using ASAN or valgrind/etc? with a crafted phar as input. I have prepared...

5 CVSS, 8.5 AI score, 0.05101 EPSS
Exploits 1

Tenable Nessus
added 2018/12/19 12:0 a.m., 968 views

PHP 5.6.x < 5.6.39 Multiple vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.39. It is, therefore, affected by multiple vulnerabilities: - An arbitrary command injection vulnerability exists in the imap_open function due to improper filters for mailbox names prior to passing...

8.5 CVSS, 7.6 AI score, 0.93869 EPSS
Exploits 7, References 4

Tenable Nessus
added 2018/12/19 12:0 a.m., 442 views

PHP 7.1.x < 7.1.25 Multiple vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.25. It is, therefore, affected by multiple vulnerabilities: - An arbitrary command injection vulnerability exists in the imap_open function due to improper filters for mailbox names prior to passing...

8.5 CVSS, 7.6 AI score, 0.93869 EPSS
Exploits 7, References 3

Tenable Nessus
added 2018/12/19 12:0 a.m., 664 views

PHP 7.2.x < 7.2.13 Multiple vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.13. It is, therefore, affected by multiple vulnerabilities: - An arbitrary command injection vulnerability exists in the imap_open function due to improper filters for mailbox names prior to passing...

8.5 CVSS, 7.6 AI score, 0.93869 EPSS
Exploits 7, References 3

OpenVAS
added 2018/12/11 12:0 a.m., 107 views

PHP 5.6.x < 5.6.38, 7.x < 7.0.33, 7.1.x < 7.1.25, 7.2.x < 7.2.13 Multiple Vulnerabilities (Dec 2018) - Linux

PHP is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

8.5 CVSS, 9.6 AI score, 0.93869 EPSS
Exploits 9, References 8

Tenable Nessus
added 2018/07/20 12:0 a.m., 295 views

PHP 7.3.0 [alpha|beta] < 7.3.0 Multiple vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.3.0 [alpha|beta] prior to 7.3.0. It is, therefore, affected by multiple vulnerabilities: - An arbitrary command injection vulnerability exists in the imap_open function due to improper filters for mailbox names prior t...

8.5 CVSS, 7.6 AI score, 0.93869 EPSS
Exploits 7, References 4

OpenVAS
added 2017/07/11 12:0 a.m., 41 views

PHP 'phar_parse_pharfile' Function DoS Vulnerability - Linux

PHP is prone to a denial of service (DoS) vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

9.1 CVSS, 7.4 AI score, 0.03691 EPSS
Exploits 1, References 2

Tenable Nessus
added 2017/03/14 12:0 a.m., 109 views

Tenable SecurityCenter 5.x < 5.4.3 Multiple Vulnerabilities (TNS-2017-04) (httpoxy)

According to its version, the installation of Tenable SecurityCenter on the remote host is affected by multiple vulnerabilities: - A flaw exists in the mod_session_crypto module due to encryption for data and cookies using the configured ciphers with possibly either CBC or ECB modes of operation...

9.8 CVSS, 7.3 AI score, 0.71517 EPSS
Exploits 9, References 18

RedhatCVE
added 2017/02/03 12:49 p.m., 46 views

CVE-2016-10159

Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive...

7.5 CVSS, 5.9 AI score, 0.14189 EPSS
Exploits 0, References 1

RedhatCVE
added 2017/02/03 12:49 p.m., 27 views

CVE-2016-10160

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch...

9.8 CVSS, 7.8 AI score, 0.06501 EPSS
Exploits 0, References 1

NVD
added 2017/01/24 9:59 p.m., 29 views

CVE-2016-10159

Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive...

7.5 CVSS, 8.4 AI score, 0.14189 EPSS
Exploits 0, References 11

OSV
added 2017/01/24 9:59 p.m., 31 views

CVE-2016-10160

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch...

9.8 CVSS, 8.6 AI score
Exploits 0, References 11

Prion
added 2017/01/24 9:59 p.m., 20 views

Memory corruption

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch...

7.5 CVSS, 8.4 AI score, 0.06501 EPSS
Exploits 0, References 11, Affected Software 2

NVD
added 2017/01/24 9:59 p.m., 21 views

CVE-2016-10160

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch...

9.8 CVSS, 9.8 AI score, 0.06501 EPSS
Exploits 0, References 11

Debian CVE
added 2017/01/24 9:0 p.m., 43 views

CVE-2016-10159

Removed by vendor...

7.5 CVSS, 7.5 AI score, 0.14189 EPSS
Exploits 0

CVE
added 2017/01/24 9:0 p.m., 242 views

CVE-2016-10159

CVE-2016-10159 describes an integer overflow in phar_parse_pharfile() (ext/phar/phar.c) that affects PHP before 5.6.30 and 7.0.x before 7.0.15. A crafted PHAR archive with a truncated manifest can cause memory consumption growth or application crash (DoS). Public documents in Red Hat ALAS-2017-81...

7.5 CVSS, 8.3 AI score, 0.14189 EPSS
Exploits 0, References 11, Affected Software 1

OSV
added 2017/01/24 12:0 a.m., 0 views

UBUNTU-CVE-2016-10159

Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive...

7.5 CVSS, 6.9 AI score, 0.14189 EPSS
Exploits 0, References 6