710 matches found
Zikula Directory Traversal Vulnerability
Zikula is the Zikula Foundation's set of PHP application frameworks for building and maintaining Web sites, which can be extended with third-party add-on modules into communities, portals, e-commerce, and more. A directory traversal vulnerability exists in the jcss.php file in Zikula versions 1.3...
php: Null pointer dereference in exif_process_user_comment
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image...
php: Out-of-bounds memory read via gdImageRotateInterpolated
A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted image file could cause a PHP application using the imagerotate function to disclose portions of the server memory or crash the PHP application...
php: Double free in _php_mb_regex_ereg_replace_exec
A double free flaw was found in the mb_ereg_replace_callback function of PHP, which is used to perform regex search. This flaw could possibly cause a PHP application to crash...
[SECURITY] Fedora 25 Update: php-7.0.12-2.fc25
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
PHP Denial of Service Vulnerability (CNVD-2016-07713)
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...
ALPINE-CVE-2016-7416
ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via ...
PHP virtual_popen function heap overflow vulnerability
PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A heap overflow vulnerability exists in the PHP virtual_popen function, which allows remote attackers to exploit the vulnerability to execute arbitrary code...
PHP heap buffer overflow vulnerability (CNVD-2016-07335)
PHP is a new language for writing CGI programs. PHP suffers from a heap buffer overflow vulnerability. A remote attacker can exploit this vulnerability to overwrite a 4-byte heap buffer, causing a denial of service or execution of arbitrary code...
PHP JsonSerializable::jsonSerialize json_encode Local Denial of Service Vulnerability
PHP is an open source general-purpose computer scripting language. A local denial of service vulnerability exists in JsonSerializable::jsonSerialize json_encode in PHP 7.0, which allows an attacker to exploit the vulnerability to launch a denial of service attack...
PHP 5.0.0 'snmpwalkoid()' Local Denial of Service Vulnerability
PHP is a new language for writing CGI programs. A local denial of service vulnerability exists in PHP 5.0.0 'snmpwalkoid', which can be exploited by attackers to launch denial of service attacks...
PHP 'php_quot_print_encode()' function integer overflow vulnerability
PHP is an open source general-purpose computer scripting language. An integer overflow vulnerability in the PHP 'php_quot_print_encode' function allows an attacker to exploit the vulnerability to execute arbitrary code in the context of a user's affected application, or a failed attack will result i...
Multiple Denial of Service Vulnerabilities in PHP 'ext/sqlite3/sqlite3.c'
PHP is an open source general-purpose computer scripting language. PHP 'ext/sqlite3/sqlite3.c' has multiple denial of service vulnerabilities that could be exploited by an attacker to crash an application, resulting in a denial of service...
PHP 'ext/session/session.c' Remote Command Execution Vulnerability
PHP is an open source general-purpose computer scripting language. A remote command execution vulnerability exists in PHP 'ext/session/session.c', which allows an attacker to exploit the vulnerability to execute arbitrary script code, obtain sensitive information, and a failed attempt will result...
PHP 'zend_virtual_cwd()' function null pointer reference denial of service vulnerability
PHP is an open source general-purpose computer scripting language. The PHP 'zend_virtual_cwd' function null pointer reference denial of service vulnerability allows attackers to exploit the vulnerability to cause a denial of service...
PHP 'unserialize()' memory error references remote command execution vulnerability
PHP is an open source general-purpose computer scripting language. PHP 'unserialize' suffers from a remote command execution vulnerability caused by a memory error reference, which allows an attacker to exploit the vulnerability to execute arbitrary code in the context of a user's affected application,...
PHP 'interface.c' Denial of Service Vulnerability
PHP is an open source general-purpose computer scripting language. A denial of service vulnerability exists in PHP 'interface.c' that allows attackers to exploit the vulnerability to crash an application, resulting in a denial of service...
PHP 'ext/readline/readline.c' Denial of Service Vulnerability
PHP is an open source general-purpose computer scripting language. PHP 'ext/readline/readline.c' has a denial of service vulnerability that allows attackers to exploit the vulnerability to crash an application, causing a denial of service...
PHP 'php_snmp_parse_oid()' function integer overflow vulnerability
PHP is an open source general-purpose computer scripting language. An integer overflow vulnerability exists in the PHP 'php_snmp_parse_oid' function. An attacker can exploit the vulnerability to execute arbitrary code in the context of an affected application...
DEBIAN-CVE-2013-7456
gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by...