
126 matches found

Veracode
added 2020/04/10 12:31 a.m. | 26 views

Denial Of Service (DoS)

PHP is vulnerable to denial of service. A flaw was found in PHP's json_decode function. A remote attacker could use this flaw to create a specially crafted string which could cause the PHP interpreter to crash while being decoded in a PHP script...

5 CVSS | 1.9 AI score | 0.02396 EPSS
Exploits 0 | References 24 | Affected Software 1
Veracode
added 2020/04/10 12:15 a.m. | 38 views

Arbitrary Code Execution

PHP is vulnerable to arbitrary code execution. A buffer over-read flaw was discovered in PHP's gd extension. A script that could be forced to write arbitrary strings using a JIS font from an untrusted source could cause the PHP interpreter to crash...

7.5 CVSS | 2 AI score | 0.11694 EPSS
Exploits 0 | References 37 | Affected Software 1
BDU FSTEC
added 2019/11/25 12:0 a.m. | 5 views

The vulnerability of child FPM processes in the PHP interpreter allows attackers to bypass access control in OpCache and gain unauthorized access to protected information.

The vulnerability of child FPM processes in the PHP interpreter is related to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker to bypass opcache access controls and gain unauthorized access to protected information...

4.7 CVSS | 6.5 AI score | 0.00831 EPSS
Exploits 0 | References 12 | Affected Software 4
Veracode
added 2019/05/02 5:4 a.m. | 54 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail function to crash or, possibly, execute arbitrary code...

7.5 CVSS | 9.5 AI score | 0.30128 EPSS
Exploits 16 | References 20 | Affected Software 5
BDU FSTEC
added 2019/04/25 12:0 a.m. | 6 views

The vulnerability of the xml_elem_parse_buf() function in the PHP programming language lies in its ability to read data beyond the boundaries of the memory buffer, allowing an attacker to gain unauthorized access to protected data.

The vulnerability of the xml_elem_parse_buf function (ext/xmlrpc/libxmlrpc/xml_element.c) in the PHP interpreter is related to reading data beyond the boundaries of the memory buffer. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected data...

9.8 CVSS | 6.8 AI score | 0.10059 EPSS
Exploits 1 | References 7 | Affected Software 2
Veracode
added 2019/01/15 8:51 a.m. | 177 views

Arbitrary Code Execution

php-cgi is susceptible to arbitrary code execution. An attacker can inject arbitrary script because php-cgi does not properly handle query strings that lack an = (equals sign) character, leading to malicious code execution with the privileges of the PHP interpreter...

9.8 CVSS | 7.2 AI score | 0.99998 EPSS
Exploits 42 | References 31 | Affected Software 2
BDU FSTEC
added 2018/04/12 12:0 a.m. | 4 views

The vulnerability of the php_stream_url_wrap_http_ex function in the PHP interpreter allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the php_stream_url_wrap_http_ex function located in ext/standard/http_fopen_wrapper.c in the PHP interpreter arises due to an out-of-buffer operation on the stack. Exploitation of this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure by usi...

9.8 CVSS | 7.8 AI score | 0.87883 EPSS
Exploits 3 | References 11 | Affected Software 1
myhack58
added 2017/10/11 12:0 a.m. | 46 views

To expose the spike Trend Micro multiple products RCE vulnerability flaws bug-a vulnerability warning-the black bar safety net

The framework of the network security of ever more and more give rise to a network security staff to the presence of dependents, for example, the Apache Struts case because within the framework of a wide range of vulnerabilities flaws bug the excitation of the network hits the firing presumably...

7.7 AI score
Exploits 0
BDU FSTEC
added 2017/08/10 12:0 a.m. | 8 views

The vulnerability of the zend_string_extend function in the PHP interpreter allows an attacker to cause a service failure or exert other effects.

The vulnerability of the zend_string_extend function in the PHP interpreter is related to insufficient control over modifications to object instances of the sequence type. Exploiting this vulnerability could allow a malicious actor to cause service failures or other adverse effects e.g., terminatio...

7.5 CVSS | 6.8 AI score | 0.07191 EPSS
Exploits 1 | References 3 | Affected Software 1
BDU FSTEC
added 2017/08/10 12:0 a.m. | 7 views

The vulnerability of the i_zval_ptr_dtor function in the PHP interpreter allows an attacker to cause a service failure or exert other effects.

The vulnerability of the i_zval_ptr_dtor function in the PHP interpreter is related to uncontrolled resource consumption. Exploiting this vulnerability may allow a malicious actor to cause service failures or other effects such as memory consumption or termination of the application by using...

7.5 CVSS | 7.8 AI score | 0.03558 EPSS
Exploits 1 | References 3 | Affected Software 1
BDU FSTEC
added 2017/07/20 12:0 a.m. | 8 views

The vulnerability of the PHP interpreter allows attackers to trigger a service failure for the central processor.

The vulnerability of the PHP interpreter is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause a failure in the central processor's service by injecting long variables related to main/php_variables.c...

7.8 CVSS | 6.6 AI score | 0.08255 EPSS
Exploits 0 | References 7 | Affected Software 1
BDU FSTEC
added 2017/07/14 12:0 a.m. | 5 views

The vulnerability of the component implementation in ext/standard/var.c of the PHP interpreter allows an attacker to cause a service failure or exert other effects.

The vulnerability in the implementation of components in ext/standard/var.c of the PHP interpreter is related to the use of memory after it is freed. Exploiting this vulnerability may allow an attacker, operating remotely, to cause a service failure (the use of a resource after it is freed) or have...

7.5 CVSS | 7.5 AI score | 0.04303 EPSS
Exploits 2 | References 6 | Affected Software 1
OpenVAS
added 2017/07/11 12:0 a.m. | 44 views

PHP 'phar_parse_pharfile' Function DoS Vulnerability - Windows

PHP is prone to a denial of service (DoS) vulnerability. This VT has been deprecated and merged into the VT...

9.1 CVSS | 7.4 AI score | 0.0471 EPSS
Exploits 1 | References 2
OSV
added 2017/07/10 2:29 p.m. | 40 views

CVE-2017-11143

In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c...

7.5 CVSS | 9.3 AI score
Exploits 0 | References 9
BDU FSTEC
added 2017/04/06 12:0 a.m. | 6 views

The vulnerability of the PHP interpreter, which allows attackers to escalate their privileges

The vulnerability of the apache2handler/mod_php or php-fpm configuration of the PHP interpreter exists due to deficiencies in access control during the inheritance of certain classes related to the operating code. Exploiting this vulnerability allows a malicious actor to escalate their privileges...

6.8 CVSS | 7.4 AI score | 0.02937 EPSS
Exploits 1 | References 8 | Affected Software 1
BDU FSTEC
added 2016/07/07 12:0 a.m. | 4 views

The vulnerability of the PHP interpreter allows a remote attacker to trigger a service failure or otherwise affect the system.

The vulnerability of the PHP interpreter in the phar_rename_archive function (phar_object.c) lies in the use of memory after it is freed. As a result of exploiting this vulnerability, a malicious actor who operates remotely can cause service interruptions or otherwise affect the system by attempting t...

7.5 CVSS | 6.7 AI score | 0.14771 EPSS
Exploits 1 | References 3 | Affected Software 1
BDU FSTEC
added 2016/07/07 12:0 a.m. | 6 views

The vulnerability of the PHP interpreter allows a remote attacker to cause an application to terminate abnormally.

The vulnerability in the PHP interpreter's GetCode function, located in the gd_gif_in.c file of the GD component, allows a malicious actor to cause an unexpected termination of the application by reading memory beyond the buffer using a specially crafted GIF image. This image is incorrectly process...

5 CVSS | 6.9 AI score | 0.15531 EPSS
Exploits 1 | References 3 | Affected Software 1
BDU FSTEC
added 2016/06/17 12:0 a.m. | 3 views

The vulnerability of the PHP interpreter, allowing attackers to execute XXE and XXL attacks

The vulnerability of the ext/libxml/libxml.c file in the PHP interpreter arises from the fact that, when using PHP-FPM, the isolation of individual data threads is not properly implemented. Exploiting this vulnerability allows a remote attacker to execute XXE and XXL attacks using a specially...

6.8 CVSS | 7.6 AI score | 0.04026 EPSS
Exploits 1 | References 6 | Affected Software 1
BDU FSTEC
added 2016/06/17 12:0 a.m. | 4 views

The vulnerability of the PHP interpreter, which allows a hacker to trigger a service failure

The vulnerability of the odbc_bindcols function (ext/odbc/php_odbc.c) in the PHP interpreter arises due to incorrect handling of the SQL_WVARCHAR column by the driver. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure (application termination) by using t...

5 CVSS | 7.6 AI score | 0.03419 EPSS
Exploits 1 | References 3 | Affected Software 1
BDU FSTEC
added 2016/06/09 12:0 a.m. | 4 views

The vulnerability of the PHP interpreter, which allows attackers to trigger a service failure or exert other effects.

The vulnerability of the grapheme_strpos function (ext/intl/grapheme/grapheme_string.c) in the PHP interpreter exists due to the reading of data beyond the specified buffer. Exploiting this vulnerability may allow an attacker to cause a service failure (reading beyond the memory limit), or it may have...

7.5 CVSS | 7.5 AI score | 0.06229 EPSS
Exploits 1 | References 6 | Affected Software 1