126 matches found
The vulnerability of the sapi/cgi/cgi_main.c component of the PHP programming language interpreter allows a hacker to execute arbitrary code.
The vulnerability of the sapi/cgi/cgimain.c component of the PHP programming language interpreter is related to the lack of validation for the sequences of XML objects. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability in the `build_tablename` function (`pgsql.c`) of the PHP programming language interpreter allows a hacker to trigger a service failure.
The vulnerability of the buildtablename function in the PHP programming language interpreter is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause service interruptions...
The vulnerability of the PHP interpreter is related to an error in processing paths to files containing the character \x00. This error allows attackers to gain unauthorized access to files or directories.
The vulnerability of the PHP interpreter extension is related to an error in processing paths to files containing the character \x00. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to files or directories...
The vulnerability of the zend_ini_do_op() function in the PHP interpreter allows a hacker to execute arbitrary PHP code.
The vulnerability of the zendinidoop function Zend/zendini parser.c in the PHP interpreter is caused by buffer overflow. Exploiting this vulnerability could allow a remote attacker to execute arbitrary PHP code...
The vulnerability in the `ext/standard/link_win32.c` component of the PHP interpreter allows a perpetrator to compromise data confidentiality.
The vulnerability of the ext/standard/linkwin32.c component of the PHP interpreter involves exposing protected information. Exploiting this vulnerability could allow a malicious actor to compromise data confidentiality remotely...
The vulnerability of the `ext/standard/var_unserializer.c` component of the PHP interpreter allows a attacker to cause a service failure.
The vulnerability of the ext/standard/varunserializer.c component of the PHP interpreter is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to cause service failures by invoking the com, dotnet, or variant classes...
The vulnerability in the ext/session/session.c component of the PHP programming language interpreter allows a hacker to modify user session data.
The vulnerability of the ext/session/session.c component in the PHP programming language exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows a remote attacker to modify user session data...
The vulnerability of the `gdimagewebpctx` function in the GD Graphics Library, a programming language interpreter for PHP, allows attackers to trigger a service failure or potentially cause other adverse effects.
The vulnerability of the gdimagewebpctx function in the GD Graphics Library, a programming language interpreter for PHP, is caused by a numerical overflow. Exploiting this vulnerability could allow an attacker to cause service interruptions or potentially have other effects through the invocation...
GHSA-PR9Q-V585-QV2W Improper Privilege Management in Open Web Analytics
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...
CVE-2022-24637
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...
Design/Logic Flaw
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...
The vulnerability of the sapi/cgi/cgi_main.c component of the PHP programming language interpreter allows a hacker to execute arbitrary code.
The vulnerability of the sapi/cgi/cgimain.c component of the PHP programming language interpreter exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
SUSE: Security Advisory (SUSE-SU-2016:1581-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the mbfl_filt_conv_big5_wchar function in the PHP interpreter allows a hacker to access protected information or cause service failures.
The vulnerability of the mbflfiltconvbig5wchar function in the PHP interpreter arises due to an operation being performed outside the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to gain access to protected information or cause service failures...
ownCloud: Remote Code Execution through "Files_antivirus" plugin
Hi, I would like to report a Remote Code Execution in OwnCloud. The flaw is exploitable as an authenticated user and level of privileges required is "Administrator". Vulnerable component is the plugin "filesantivirus", freely downloadable via the market and available in owncloud github repository...
The vulnerability of the PHP programming language interpreter, related to reading beyond the buffer boundaries of memory, allows attackers to gain unauthorized access to information.
The vulnerability of the PHP programming language interpreter is related to reading beyond the buffer boundaries of memory. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to information...
USN-4330-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. CVE-2020-7062 It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information...
Remote Code Execution (RCE)
PHP is vulnerable to remote code execution RCE. It was discovered that the fix for CVE-2011-4885 released via RHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red Hat Enterprise Linux 4, 5, and 6 respectively introduced an uninitialized memory use flaw. A remote attacker cou...
Denial Of Service (DoS)
php is vulnerable to denial of service DoS. The vulnerability exists as an integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian with a large value could cause the PHP interpreter to crash...
Denial Of Service (DoS)
php is vulnerable to denial of service DoS. The vulnerability exists as it was discovered that the PHP fnmatch function did not restrict the length of the pattern argument. A remote attacker could use this flaw to crash the PHP interpreter where a script used fnmatch on untrusted matching pattern...