40 matches found

F5 Networks
added 2023/02/21 8:0 p.m. | 51 views

K95432245: PHP vulnerability CVE-2016-5768

Security Advisory Description: Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application...

CVSS 9.8 | AI score 9.2 | EPSS 0.20989
Exploits: 1 | Affected Software: 23

UbuntuCve
added 2020/02/19 1:15 p.m. | 19 views

CVE-2014-3622

Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value...

CVSS 9.8 | AI score 7.5 | EPSS 0.01951
Exploits: 1 | References: 2

CVE
added 2020/02/19 12:46 p.m. | 81 views

CVE-2014-3622

CVE-2014-3622 describes a use-after-free in PHP 5.6.x prior to 5.6.1 affecting the Posthandler component (add_post_var). The underlying issue could let remote attackers execute arbitrary code through a third-party filter extension that accesses a specific ksep value. Practical impact is remote co...

CVSS 9.8 | AI score 9.6 | EPSS 0.01951
Exploits: 1 | References: 3 | Affected Software: 1

Tenable Nessus
added 2019/06/14 12:0 a.m. | 22 views

PHP 5.6.x < 5.6.33 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.33. It is, therefore, affected by multiple vulnerabilities. Note that the scanner has not attempted to exploit this issue but has instead relied only on the application's self-reported version numbe...

CVSS 6.1 | AI score 7 | EPSS 0.89192
Exploits: 1 | References: 3

Tenable Nessus
added 2019/03/13 12:0 a.m. | 66 views

PHP 5.6.x < 5.6.40 Multiple vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.40, 7.1.x prior to 7.1.26, 7.2.x prior to 7.2.14 or 7.3.x prior to 7.3.1. It is, therefore, affected by multiple vulnerabilities: - An integer underflow condition exists in gdContributionsAlloc...

CVSS 9.8 | AI score 9.3 | EPSS 0.87883
Exploits: 13 | References: 9

Tenable Nessus
added 2019/03/13 12:0 a.m. | 68 views

PHP 7.1.x < 7.1.26 Multiple vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.40, 7.1.x prior to 7.1.26, 7.2.x prior to 7.2.14 or 7.3.x prior to 7.3.1. It is, therefore, affected by multiple vulnerabilities: - An integer underflow condition exists in gdContributionsAlloc...

CVSS 9.8 | AI score 9.3 | EPSS 0.87883
Exploits: 13 | References: 9

Tenable Nessus
added 2019/02/06 12:0 a.m. | 7635 views

PHP 5.6.x < 5.6.40 Multiple vulnerabilities.

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.40. It is, therefore, affected by multiple vulnerabilities: - An integer underflow condition exists in gdContributionsAlloc function in gd_interpolation.c. An unauthenticated, remote attacker can hav...

CVSS 9.8 | AI score 7.4 | EPSS 0.87883
Exploits: 11 | References: 7

Tenable Nessus
added 2019/01/31 12:0 a.m. | 12 views

PHP 5.6.x < 5.6.37 exif_thumbnail_extract() DoS

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.37 or 7.1.x prior to 7.1.20. It is, therefore, affected by a denial of service vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's...

CVSS 7.5 | AI score 6.9 | EPSS 0.21491
Exploits: 2 | References: 4

Tenable Nessus
added 2019/01/09 12:0 a.m. | 31 views

PHP 5.6.x < 5.6.34 Stack Buffer Overflow

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.34. It is, therefore, affected by a stack buffer overflow vulnerability. Note that the scanner has not attempted to exploit this issue but has instead relied only on the application's self-reported...

CVSS 9.8 | AI score 10 | EPSS 0.83066
Exploits: 3 | References: 3

Tenable Nessus
added 2019/01/09 12:0 a.m. | 53 views

PHP 5.6.x < 5.6.2 Multiple Vulnerabilities

According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.2. It is, therefore, affected by the following vulnerabilities : - A buffer overflow error exists in the function 'mkgmtime' that can allow application crashes or arbitrary code execution. CVE-2014-3668...

CVSS 7.5 | AI score 9.2 | EPSS 0.55955
Exploits: 3 | References: 4

Tenable Nessus
added 2019/01/09 12:0 a.m. | 16 views

PHP 5.6.x < 5.6.4 process_nested_data() RCE

According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.4. It is, therefore, affected by a use-after-free error in the 'process_nested_data' function within 'ext/standard/var_unserializer.re' due to improper handling of duplicate keys within the serialized...

CVSS 7.5 | AI score 7.8 | EPSS 0.8832
Exploits: 8 | References: 4

Tenable Nessus
added 2019/01/09 12:0 a.m. | 29 views

PHP 5.6.x < 5.6.28 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.28. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the parse_url function due to returning the incorrect host. An unauthenticated, remote attacker can exploit this to hav...

CVSS 7.5 | AI score 9.8 | EPSS 0.18863
Exploits: 1 | References: 4

Tenable Nessus
added 2019/01/09 12:0 a.m. | 51 views

PHP 5.6.x < 5.6.10 Multiple Vulnerabilities

According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.10. It is, therefore, affected by multiple vulnerabilities : - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression PCRE library due to improper validatio...

CVSS 10 | AI score 9.6 | EPSS 0.09888
Exploits: 5 | References: 10

Tenable Nessus
added 2019/01/09 12:0 a.m. | 119 views

PHP 5.6.x < 5.6.22 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.22. It is, therefore, affected by multiple vulnerabilities: - An out-of-bounds read error exists in the gdContributionsCalc function within file ext/gd/libgd/gd_interpolation.c. An unauthenticated,...

CVSS 8.6 | AI score 8 | EPSS 0.02407
Exploits: 3 | References: 5

Tenable Nessus
added 2019/01/09 12:0 a.m. | 59 views

PHP 5.6.x < 5.6.19 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.19. It is, therefore, affected by multiple vulnerabilities: - A use-after-free error exists in file ext/wddx/wddx.c in the php_wddx_pop_element function when handling XML data. An unauthenticated,...

CVSS 9.8 | AI score 8.9 | EPSS 0.72278
Exploits: 0 | References: 3

Tenable Nessus
added 2019/01/09 12:0 a.m. | 69 views

PHP 5.6.x < 5.6.24 Multiple Vulnerabilities (httpoxy)

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.24. It is, therefore, affected by multiple vulnerabilities : - A man-in-the-middle vulnerability exists, known as 'httpoxy', due to a failure to properly resolve namespace conflicts in accordance wi...

CVSS 9.8 | AI score 8.8 | EPSS 0.83504
Exploits: 17 | References: 14

Tenable Nessus
added 2018/01/12 12:0 a.m. | 448 views

PHP 5.6.x < 5.6.33 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.33. It is, therefore, affected by multiple vulnerabilities : - A potential infinite loop in gdImageCreateFromGifCtx. CVE-2018-5711 - A reflected XSS in .phar 404 page exists due to improper validati...

CVSS 6.1 | AI score 7 | EPSS 0.89192
Exploits: 1 | References: 3

Packet Storm
added 2017/01/22 12:0 a.m. | 75 views

PHP 5.6.x / MyBB 1.8.3 Remote Code Execution

GMP Deserialization Type Confusion Vulnerability MyBB - Write Date: 2015.4.28 - Release Date: 2017.1.20 A type-confusion vulnerability was discovered in GMP deserialization with crafted object's __wakeup magic method that can be abused for updating any already assigned properties of any already...

Exploits: 0

Tenable Nessus
added 2017/01/03 12:0 a.m. | 15 views

PHP 5.6.x < 5.6.30 Multiple Vulnerabilities

CVSS 9.8 | AI score 8.5 | EPSS 0.21565
Exploits: 0 | References: 4

Prion
added 2016/08/07 10:59 a.m. | 35 views

Integer overflow

Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS...

CVSS 7.5 | AI score 9.2 | EPSS 0.02407
Exploits: 0 | References: 6 | Affected Software: 1