77 matches found
PHP pecl-http extension buffer overflow vulnerability
PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. The language is mainly used for Web development , support for a variety of databases and operating systems...
UBUNTU-CVE-2016-7398
A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...
CVE-2018-18758
Open Faculty Evaluation System 7 for PHP 7 allows submitfeedback.php SQL Injection, a different vulnerability than CVE-2018-18757...
USN-3953-1 php7.0, php7.2 vulnerabilities
It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-3922-1 php7.0, php7.2 vulnerabilities
It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641...
PHP7CMS v2018-10-09 has an arbitrary file read vulnerability
PHP7 content management system referred to as PHP7CMS by Chunjie studio using PHP7 technology newly developed content management program. PHP7CMS v2018-10-09 exists an arbitrary file read vulnerability, which can be exploited by an attacker to read arbitrary files...
UKCMS has an information leakage vulnerability
UKcms is a web content management system based on PHP7 and mysql technology. UKCMS is vulnerable to information leakage. An attacker can obtain information about database backup files through constructed links...
Code Execution Vulnerability in PHP7CMS Frontend
PHP7 content management system referred to as PHP7CMS by Chunjie studio using PHP7 technology newly developed content management program. A code execution vulnerability exists in the frontend of PHP7CMS. The vulnerability is due to the IP header of PHP7CMS is written to the log file without being...
ALPINE-CVE-2017-9227
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbcenclen during regular expression searching. Invalid handling of reg-dmin in forwardsearchrange could result in an invalid pointer...
UBUNTU-CVE-2017-8923
The zendstringextend function in Zend/zendstring.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact by leveraging a script's use ...
UBUNTU-CVE-2017-6441
The zvalgetlongfuncex in Zend/zendoperators.c in PHP 7.1.2 allows attackers to cause a denial of service NULL pointer dereference and application crash via crafted use of "declareticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do n...
PT-2017-17068 · Php +1 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP version 7.1.2 Description: The issue in the zval get long func ex function in Zend/zend operators.c allows attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via crafted use of...
PT-2017-4183 · Php +3 · Php +3
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.6.30 PHP versions 7.0.x prior to 7.0.15 Description: The issue is caused by an integer overflow in the phar parse pharfile function, allowing remote attackers to cause a denial of service, potentially leading to memory...
CVE-2016-7479
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution...
UBUNTU-CVE-2016-9936
The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834...
PHP Standard PHP Library Memory Misreference Vulnerability
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and program extensions in C, C++, etc. The Standard PHP Libra...
PHP 7 ZEND_HASH_IF_FULL_DO_RESIZE Memory Misreference Vulnerability
PHP foreign name: Hypertext Preprocessor, Chinese name: "Hypertext Preprocessor" is a general-purpose open source scripting language. An internal error misreference vulnerability exists in PHP 7 ZENDHASHIFFULLDORESIZE. When deserializing a string, if the number of elements used in a HashTable has...