33 matches found
CVE-2017-12932
ext/standard/varunserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an...
CVE-2017-12934
Removed by vendor...
CVE-2017-12934
PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 are vulnerable to a heap use-after-free in unserializing untrusted data, specifically in ext/standard/var_unserializer.re, tied to the zval_get_type function in Zend/zend_types.h. Exploitation can impact PHP integrity (official CVE description: CVE-2...
PHP 7.0.x < 7.0.21 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.21. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the PCRE library in the compilebracketmatchingpath function within file pcrejitcompile.c. An...
PHP 7.0.x < 7.0.16 / 7.1.x < 7.1.2 Multiple Vulnerabilities
Binary data 700086.prm...
PHP 7.0.x < 7.0.16 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.16. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in mysqli.c due to a memory leak. An unauthenticated, remote attacker can exploit this to...
PHP 7.0.x < 7.0.14 RCE
Binary data 9842.prm...
PHP 7.0.x < 7.0.11 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.11. It is, therefore, affected by multiple vulnerabilities : - An heap buffer overflow condition exists in the phpmysqlndrowpreadtextprotocolaux function within file ext/mysqlnd/mysqlndwireprotocol....
PHP 7.0.x < 7.0.10 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.10. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the objectcommon2 function in varunserializer.c that occurs when handling objects during deserialization...
PHP 7.0.x < 7.0.9 Multiple Vulnerabilities (httpoxy)
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.9. It is, therefore, affected by multiple vulnerabilities : - A man-in-the-middle vulnerability exists, known as 'httpoxy', due to a failure to properly resolve namespace conflicts in accordance wit...
PHP 7.0.x < 7.0.5 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.5. It is, therefore, affected by multiple vulnerabilities : - A buffer over-write condition exists in the finfoopen function due to improper validation of magic files. An unauthenticated, remote...
PHP 7.0.x < 7.0.4 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.4. It is, therefore, affected by multiple vulnerabilities : - A type confusion error exists in file ext/soap/phphttp.c in the makehttpsoaprequest function when handling cookie data. An...
PHP 7.0.x < 7.0.3 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.3. It is, therefore, affected by multiple vulnerabilities : - The Perl-Compatible Regular Expressions PCRE library is affected by multiple vulnerabilities related to the handling of regular...