3 matches found
PHP Fileinfo Component Denial of Service Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. Fileinfo is one of the components used to display the properties of a file and support batch modification of its properties. A security...
UBUNTU-CVE-2016-4343
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archi...
CVE-2009-5016
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870...