Lucene search
K

151 matches found

OSV
OSV
added 2016/08/07 10:59 a.m.3 views

CVE-2016-3132

Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spldllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index...

9.8CVSS7.8AI score0.11674EPSS
Exploits1References5
Prion
Prion
added 2016/08/07 10:59 a.m.21 views

Double free

Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spldllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index...

7.5CVSS8.1AI score0.11674EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2016/08/07 10:0 a.m.70 views

CVE-2016-3132

CVE-2016-3132: A double free vulnerability in PHP’s SplDoublyLinkedList::offsetSet (ext/spl/spl_dllist.c) affects PHP 7.x prior to 7.0.6. Exploitation via a crafted index allows remote code execution. The affected software is PHP 7.x before 7.0.6; the root cause is the double free in the offsetSe...

9.8CVSS9.5AI score0.11674EPSS
Exploits1References5Affected Software1
UbuntuCve
UbuntuCve
added 2016/06/24 12:0 a.m.38 views

CVE-2016-5768

Double free vulnerability in the phpmbregexeregreplaceexec function in phpmbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application crash by leveraging a callback...

9.8CVSS7.2AI score0.0963EPSS
Exploits1References3
NVD
NVD
added 2016/05/22 1:59 a.m.12 views

CVE-2015-8880

Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error...

10CVSS9.6AI score0.02953EPSS
Exploits0References1
Prion
Prion
added 2016/05/22 1:59 a.m.18 views

Double free

Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error...

10CVSS7.2AI score0.02953EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2016/05/22 1:0 a.m.508 views

CVE-2015-8880

CVE-2015-8880 is a PHP vulnerability described as a double free in the format printer that affects PHP 7.x up to but not including 7.0.1. The NVD entry specifies that remote attackers could trigger an error and cause an unspecified impact. The connected OpenVAS entries corroborate the same CVE an...

10CVSS9.4AI score0.02953EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2016/05/22 1:0 a.m.23 views

CVE-2015-8880

Removed by vendor...

10CVSS9.4AI score0.02953EPSS
Exploits0
Prion
Prion
added 2016/05/20 11:0 a.m.17 views

Code injection

The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the pharanalyzepath function in ext/phar/phar.c...

7.5CVSS8AI score0.05932EPSS
Exploits0References17Affected Software2
myhack58
myhack58
added 2016/05/09 12:0 a.m.100 views

Safety warning: PHP zip component integer overflow remote command execution-vulnerability warning-the black bar safety net

A, detailed description: In PHP 7 is due. x versions, which php Vulnerability report at 3. 2 9 has been submitted to the vulnerability to official ! 4. 2 8, official released 7. 0. 6 version fixes the vulnerability, while the author in github released the exp ! Second, the problem of proof: !...

7.5CVSS2.1AI score0.5851EPSS
Exploits5
UbuntuCve
UbuntuCve
added 2016/05/06 12:0 a.m.25 views

CVE-2016-3132

Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spldllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index...

9.8CVSS7.4AI score0.11674EPSS
Exploits1References2
Hacker One
Hacker One
added 2016/04/29 3:38 a.m.32 views

Internet Bug Bounty: xml_parse_into_struct segmentation fault

https://bugs.php.net/bug.php?id=72099 Invalid memory access while parsing XML input using xmlparseintostruct, parser-level wasn't being checked and then used as an offset parser-ltagsparser-level-1. Reported to developers on 2016-04-25, fixed 2016-04-25 and released at 2016-04-28, affected PHP 5....

7AI score
Exploits0
Hacker One
Hacker One
added 2016/04/29 3:23 a.m.23 views

Internet Bug Bounty: Out-of-bounds reads in zif_grapheme_stripos with negative offset

https://bugs.php.net/bug.php?id=72061 graphemestripos from the intl extension had a security issue when handling negative offsets, this allowed to read from arbitrary memory locations. Reported to developers on 2016-04-24, fixed 2016-04-29 and released at 2016-04-28, affected PHP 5.5 , 5.6 and 7...

6.9AI score
Exploits0
myhack58
myhack58
added 2016/04/29 12:0 a.m.90 views

The use of PHP 7 is due to the OPcache execute PHP code-bug warning-the black bar safety net

from:http://blog. gosecure. ca/2 0 1 6/0 4/2 7/binary-webshell-through-opcache-in-php-7/ In the PHP 7.0 release at the beginning, there are a lot of PHP developers for its performance improvement is very attention. In the introduction of OPcache, PHP performance has been greatly improved, many...

7.1AI score
Exploits0
UbuntuCve
UbuntuCve
added 2016/04/29 12:0 a.m.47 views

CVE-2016-4342

ext/phar/pharobject.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted 1 TAR, 2 ZIP, or 3 PHAR archive...

8.8CVSS7.1AI score0.05345EPSS
Exploits2References2
OSV
OSV
added 2016/01/19 5:59 a.m.9 views

CVE-2016-1904

Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the 1 phpescapeshellcmd or 2 phpescapeshellarg function, leading to a heap-based buffer overflow...

7.3CVSS7.9AI score
Exploits0References5
NVD
NVD
added 2016/01/19 5:59 a.m.22 views

CVE-2015-6527

The phpstrreplaceinsubject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the strireplace function...

7.5CVSS7.5AI score0.03861EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2016/01/19 5:59 a.m.16 views

CVE-2015-8617

Format string vulnerability in the zendthroworerror function in Zend/zendexecuteAPI.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling...

10CVSS7.4AI score0.23871EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2016/01/19 5:59 a.m.25 views

CVE-2015-8616

Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collatorsort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact by leveraging the relationships between a key buffer...

8.6CVSS7.2AI score0.02173EPSS
Exploits1References3
Prion
Prion
added 2016/01/19 5:59 a.m.13 views

Format string

Format string vulnerability in the zendthroworerror function in Zend/zendexecuteAPI.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling...

10CVSS8.1AI score0.23871EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder