38 matches found
flatCore Cross-Site Request Forgery Vulnerability
flatCore is a web content management system based on PHP5 and SQLite3. A cross-site request forgery vulnerability exists in flatCore, which allows remote attackers to exploit the vulnerability to construct malicious URIs and trick users into parsing them, which can be used to cause the target use...
SUSE-SU-2017:0761-1 Security update for php5
This update for php5 fixes the following issues: Security issue fixed: - CVE-2015-8994: code permission/sensitive data protection vulnerability (bsc#1027210)...
USN-3196-1 php5 vulnerabilities
It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9912) It was discovered that PHP incorrectly handled...
PT-2017-4183 · Php +3 · Php +3
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.6.30; PHP versions 7.0.x prior to 7.0.15. Description: The issue is caused by an integer overflow in the phar_parse_pharfile function, allowing remote attackers to cause a denial of service, potentially leading to memory...
RockMongo has multiple vulnerabilities
RockMongo is a MongoDB management tool written in PHP5. Cross-site request forgery and cross-site scripting vulnerabilities exist in RockMongo version 1.1.8. An attacker can exploit the vulnerabilities to execute arbitrary and scripted code within a user's browser session in the context of an...
PHP 5.0.0 'fbird_[p]connect()' Local Denial of Service Vulnerability
PHP is a new language for writing CGI programs. A local denial of service vulnerability exists in PHP 5.0.0 'fbird_[p]connect', which can be exploited by an attacker to launch a denial of service attack...
PHP 5.0.0 'snmpwalk()' Local Denial of Service Vulnerability
PHP is a new language for writing CGI programs. A local denial of service vulnerability exists in PHP 5.0.0 'snmpwalk', which can be exploited by attackers to launch denial of service attacks...
DEBIAN-CVE-2016-1902
The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier...
Zend zend-diactoros has multiple vulnerabilities
Zend Framework is an open source PHP5 development framework, mainly used for developing web programs and services. zend-diactoros is an implementation of PSR-7 HTTP messages. A cross-site scripting vulnerability and an open redirection vulnerability exist in Zend...
USN-2254-1 php5 vulnerabilities
Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM) set incorrect permissions on the UNIX socket. A local attacker could use this issue to possibly elevate their privileges. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0185) Francisco...
PT-2012-5963 · Microsoft +1 · Windows 8 +4
Name of the Vulnerable Software and Affected Versions: PHP version 5.3.17. Description: The issue is related to an untrusted search path vulnerability in the installation functionality of PHP. This vulnerability might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP...
DEBIAN-CVE-2011-4078
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to...
php information disclosure via mb_strcut()
The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter)...
php: session serializer session data injection vulnerability (MOPS-2010-060)
The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...
PT-2010-4084 · Php +1 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions 5.2.0 through 5.2.13; PHP versions 5.3.0 through 5.3.2. Description: The issue allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion, due to the...
No title provided
The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function...
PT-2008-3624 · Php +1 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions 4.x through 4.4.7; PHP versions 5.x through 5.2.4. Description: The issue arises from the GENERATE_SEED macro, which, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion...
security flaw
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors...