126 matches found
Denial Of Service (DoS)
php is vulnerable to denial of service. A flaw was found in PHP's jsondecode function. A remote attacker could use this flaw to create a specially-crafted string which could cause the PHP interpreter to crash while being decoded in a PHP script...
Arbitrary Code Execution
php is vulnerable to arbitrary code execution. A buffer over-read flaw was discovered in PHP's gd extension. A script that could be forced to write arbitrary strings using a JIS font from an untrusted source could cause the PHP interpreter to crash...
The vulnerability of daughter FPM processes in the PHP interpreter allows attackers to bypass access control in OpCache and gain unauthorized access to protected information.
The vulnerability of daughter FPM processes in the PHP interpreter is related to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker to bypass opcache access controls and gain unauthorized access to protected information...
Denial Of Service (DoS)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exifthumbnail function to crash or, possibly, execute arbitrary code...
The vulnerability of the xml_elem_parse_buf() function in the PHP programming language lies in its ability to read data beyond the boundaries of the memory buffer, allowing an attacker to gain unauthorized access to protected data.
The vulnerability of the xmlelemparsebuf function ext/xmlrpc/libxmlrpc/xmlelement.c in the PHP interpreter is related to reading data beyond the boundaries of the memory buffer. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected data...
Arbitrary Code Execution
php-cgi is susceptible to arbitrary code execution. An attacker can inject arbitrary script because it does not properly handle the query strings without an = equals sign character, leading to malicious code execution with the privileges of the PHP interpreter...
The vulnerability of the php_stream_url_wrap_http_ex function in the PHP interpreter allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the phpstreamurlwraphttpex function located in ext/standard/httpfopenwrapper.c in the PHP interpreter arises due to an out-of-buffer operation on the stack. Exploitation of this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure by usi...
To expose the spike Trend Micro multiple products RCE vulnerability flaws bug-a vulnerability warning-the black bar safety net
The framework of the network security of ever more and more give rise to a network security staff to the presence of dependents, for example, the Apache Struts case because within the framework of a wide range of vulnerabilities flaws bug the excitation of the network hits the firing presumably...
The vulnerability of the zend_string_extend function in the PHP interpreter allows a attacker to cause a service failure or exert other effects.
The vulnerability of the zendstringextend function in the PHP interpreter is related to insufficient control over modifications to object instances of the sequence type. Exploiting this vulnerability could allow a malicious actor to cause service failures or other adverse effects e.g., terminatio...
The vulnerability of the i_zval_ptr_dtor function in the PHP interpreter allows a attacker to cause a service failure or exert other effects.
The vulnerability of the izvalptrdtor function in the PHP interpreter is related to an uncontrolled resource consumption. Exploiting this vulnerability may allow a malicious actor to cause service failures or other effects such as memory consumption or termination of the application by using...
The vulnerability of the PHP interpreter allows attackers to trigger a service failure for the central processor.
The vulnerability of the PHP interpreter is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause a failure in the central processor’s service by injecting long variables related to main/phpvariables.c...
The vulnerability of the component implementation in ext/standard/var.c of the PHP interpreter allows a attacker to cause a service failure or exert other effects.
The vulnerability in the implementation of components in ext/standard/var.c of the PHP interpreter is related to the use of memory after it is freed. Exploiting this vulnerability may allow an attacker, operating remotely, to cause a service failure the use of a resource after it is freed or have...
PHP 'phar_parse_pharfile' Function DoS Vulnerability - Windows
PHP is prone to a denial of service DoS vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
CVE-2017-11143
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c...
The vulnerability of the PHP interpreter, which allows attackers to escalate their privileges
The vulnerability of the apache2handler/modphp or php-fpm configuration of the PHP interpreter exists due to deficiencies in access control during the inheritance of certain classes related to the operating code. Exploiting this vulnerability allows a malicious actor to enhance their privileges...
The vulnerability of the PHP interpreter allows a remote attacker to trigger a service failure or otherwise affect the system.
The vulnerability of the PHP interpreter in the pharrenamearchive function pharobject.c lies in the use of memory after it is freed. As a result of exploiting this vulnerability, a malicious actor who operates remotely can cause service interruptions or otherwise affect the system by attempting t...
The vulnerability of the PHP interpreter allows a remote attacker to cause an application to terminate abnormally.
The vulnerability in the PHP interpreter’s GetCode function, located in the gdgifin.c file of the GD component, allows a malicious actor to cause an unexpected termination of the application by reading memory beyond the buffer using a specially crafted GIF image. This image is incorrectly process...
The vulnerability of the PHP interpreter, allowing attackers to execute XXE and XXL attacks
The vulnerability of the ext/libxml/libxml.c file in the PHP interpreter arises from the fact that, when using PHP-FPM, the isolation of individual data threads is not properly implemented. Exploiting this vulnerability allows a remote attacker to execute XXE and XXL attacks using a specially...
The vulnerability of the PHP interpreter, which allows a hacker to trigger a service failure
The vulnerability of the odbcBindcols function ext/odbc/phpodbc.c in the PHP interpreter arises due to incorrect handling of the SQLWVARCHAR column by the driver. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure application termination by using t...
The vulnerability of the PHP interpreter, which allows attackers to trigger a service failure or exert other effects.
The vulnerability of the graphemestrpos function ext/intl/grapheme/graphemestring.c in the PHP interpreter exists due to the reading of data beyond the specified buffer. Exploiting this vulnerability may allow an attacker to cause a service failure reading beyond the memory limit, or it may have...