38 matches found

OSV
added 2016/08/07 10:59 a.m. | 26 views

CVE-2016-5116

gdxbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name...

9.1 CVSS | 6.7 AI score
Exploits 0 | References 6
NVD
added 2016/08/07 10:59 a.m. | 21 views

CVE-2016-5116

gdxbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name...

9.1 CVSS | 8.3 AI score | 0.02396 EPSS
Exploits 0 | References 6
AlpineLinux
added 2016/08/07 10:0 a.m. | 33 views

CVE-2016-5116

gdxbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name...

9.1 CVSS | 8.3 AI score | 0.02396 EPSS
Exploits 0
Debian CVE
added 2016/08/07 10:0 a.m. | 25 views

CVE-2016-5116

gdxbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name...

9.1 CVSS | 9.2 AI score | 0.02396 EPSS
Exploits 0
UbuntuCve
added 2016/05/30 12:0 a.m. | 26 views

CVE-2016-5116

gdxbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name...

9.1 CVSS | 7.3 AI score | 0.02396 EPSS
Exploits 0 | References 3
UbuntuCve
added 2016/05/22 1:59 a.m. | 23 views

CVE-2015-8878

main/phpopentemporaryfile.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses...

7.1 CVSS | 6.6 AI score | 0.0037 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2016/05/05 12:0 a.m. | 120 views

PHP 5.5.x < 5.5.35 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.35. It is, therefore, affected by multiple vulnerabilities: - A signedness error exists in the GD Graphics library within file gdgd2.c due to improper validation of user-supplied input when handlin...

9.8 CVSS | 8.6 AI score | 0.60488 EPSS
Exploits 16 | References 10
Prion
added 2016/04/12 3:59 p.m. | 14 views

Code injection

Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation...

6.8 CVSS | 8.3 AI score | 0.08219 EPSS
Exploits 0 | References 4 | Affected Software 2
Debian CVE
added 2016/04/12 3:0 p.m. | 20 views

CVE-2016-3171

Removed by vendor...

8.1 CVSS | 8.1 AI score | 0.08219 EPSS
Exploits 0
Tenable Nessus
added 2015/06/18 12:0 a.m. | 33 views

PHP 5.5.x < 5.5.26 / 5.6.x < 5.6.10 Multiple Vulnerabilities

Binary data 8787.prm...

10 CVSS | 8.1 AI score | 0.09888 EPSS
Exploits 5 | References 18
Debian CVE
added 2015/03/30 10:0 a.m. | 39 views

CVE-2014-9653

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service uninitialized memor...

7.5 CVSS | 7 AI score | 0.06827 EPSS
Exploits 0
Tenable Nessus
added 2015/02/25 12:0 a.m. | 258 views

PHP 5.5.x < 5.5.22 Multiple Vulnerabilities (GHOST)

According to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.22. It is, therefore, affected by multiple vulnerabilities: - A heap-based buffer overflow flaw in the enchantbrokerrequestdict function in ext/enchant/enchant.c could allow a remote attacker to cause ...

10 CVSS | 7.9 AI score | 0.8487 EPSS
Exploits 41 | References 9
Tenable Nessus
added 2014/10/12 12:0 a.m. | 26 views

Amazon Linux AMI : php55 (ALAS-2014-362)

The cdfunpacksummaryinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many fileprintf calls. The cdfreadpropertyinfo function in cdf.c in the Fileinfo component i...

5 CVSS | 7.9 AI score | 0.2611 EPSS
Exploits 0 | References 3
UbuntuCve
added 2014/08/23 1:55 a.m. | 35 views

CVE-2014-5120

gdctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5)...

6.4 CVSS | 7.2 AI score | 0.08774 EPSS
Exploits 0 | References 4
Debian CVE
added 2014/08/23 1:0 a.m. | 30 views

CVE-2014-5120

gdctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5)...

6.4 CVSS | 7.8 AI score | 0.08774 EPSS
Exploits 0
Tenable Nessus
added 2014/07/25 12:0 a.m. | 100 views

PHP 5.5.x < 5.5.15 Multiple Vulnerabilities

According to its banner, the version of PHP 5.5.x in use on the remote web server is a version prior to 5.5.15. It is, therefore, affected by the following vulnerabilities: - A use-after-free error exists in the file 'ext/spl/spldllist.c' related to the Standard PHP Library (SPL). Using a speciall...

4.6 CVSS | 8 AI score | 0.00491 EPSS
Exploits 0 | References 6
Prion
added 2014/07/09 11:7 a.m. | 17 views

Design/Logic Flaw

The cdfcheckstreamoffset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF...

4.3 CVSS | 6.9 AI score | 0.05923 EPSS
Exploits 0 | References 18 | Affected Software 5
Cvelist
added 2014/07/09 10:0 a.m. | 25 views

CVE-2014-0207

The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file...

7.9 AI score | 0.09377 EPSS
Exploits 0 | References 19
Tenable Nessus
added 2014/07/02 12:0 a.m. | 239 views

PHP 5.4.x < 5.4.30 / 5.5.x < 5.5.14 Multiple Vulnerabilities

Binary data 8320.prm...

7.5 CVSS | 6.9 AI score | 0.48662 EPSS
Exploits 6 | References 26
Tenable Nessus
added 2014/05/05 12:0 a.m. | 72 views

PHP 5.5.x < 5.5.12 FPM Unix Socket Insecure Permission Escalation

According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.12. It is, therefore, potentially affected by a permission escalation vulnerability. A flaw exists within the FastCGI Process Manager (FPM) when setting permissions for a Unix socket. This could...

7.2 CVSS | 8.1 AI score | 0.00109 EPSS
Exploits 1 | References 4