Lucene search
K

77 matches found

CNVD
CNVD
added 2019/09/10 12:0 a.m.4 views

PHP pecl-http extension buffer overflow vulnerability

PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. The language is mainly used for Web development , support for a variety of databases and operating systems...

9.8CVSS7.9AI score0.06797EPSS
Exploits1References1
OSV
OSV
added 2019/09/06 7:15 p.m.7 views

UBUNTU-CVE-2016-7398

A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...

9.8CVSS6.1AI score0.06797EPSS
Exploits1References5
OSV
OSV
added 2019/06/19 4:15 p.m.4 views

CVE-2018-18758

Open Faculty Evaluation System 7 for PHP 7 allows submitfeedback.php SQL Injection, a different vulnerability than CVE-2018-18757...

9.8CVSS5.8AI score0.02338EPSS
Exploits1References2
OSV
OSV
added 2019/04/23 12:5 p.m.8 views

USN-3953-1 php7.0, php7.2 vulnerabilities

It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.1CVSS6.9AI score0.04409EPSS
Exploits1References3
OSV
OSV
added 2019/03/26 4:56 p.m.6 views

USN-3922-1 php7.0, php7.2 vulnerabilities

It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641...

9.8CVSS6.7AI score0.09395EPSS
Exploits5References6
CNVD
CNVD
added 2018/12/22 12:0 a.m.3 views

PHP7CMS v2018-10-09 has an arbitrary file read vulnerability

PHP7 content management system referred to as PHP7CMS by Chunjie studio using PHP7 technology newly developed content management program. PHP7CMS v2018-10-09 exists an arbitrary file read vulnerability, which can be exploited by an attacker to read arbitrary files...

6.9AI score
Exploits0
CNVD
CNVD
added 2018/12/03 12:0 a.m.3 views

UKCMS has an information leakage vulnerability

UKcms is a web content management system based on PHP7 and mysql technology. UKCMS is vulnerable to information leakage. An attacker can obtain information about database backup files through constructed links...

6.7AI score
Exploits0
CNVD
CNVD
added 2018/10/25 12:0 a.m.3 views

Code Execution Vulnerability in PHP7CMS Frontend

PHP7 content management system referred to as PHP7CMS by Chunjie studio using PHP7 technology newly developed content management program. A code execution vulnerability exists in the frontend of PHP7CMS. The vulnerability is due to the IP header of PHP7CMS is written to the log file without being...

8.1AI score
Exploits0
OSV
OSV
added 2017/05/24 3:29 p.m.4 views

ALPINE-CVE-2017-9227

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbcenclen during regular expression searching. Invalid handling of reg-dmin in forwardsearchrange could result in an invalid pointer...

9.8CVSS7AI score0.06265EPSS
Exploits1References1
OSV
OSV
added 2017/05/12 8:29 p.m.4 views

UBUNTU-CVE-2017-8923

The zendstringextend function in Zend/zendstring.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact by leveraging a script's use ...

9.8CVSS6.8AI score0.07191EPSS
Exploits1References5
OSV
OSV
added 2017/04/03 5:59 a.m.5 views

UBUNTU-CVE-2017-6441

The zvalgetlongfuncex in Zend/zendoperators.c in PHP 7.1.2 allows attackers to cause a denial of service NULL pointer dereference and application crash via crafted use of "declareticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do n...

7.5CVSS7.3AI score0.01832EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2017/04/03 12:0 a.m.5 views

PT-2017-17068 · Php +1 · Php +1

Name of the Vulnerable Software and Affected Versions: PHP version 7.1.2 Description: The issue in the zval get long func ex function in Zend/zend operators.c allows attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via crafted use of...

9.8CVSS7.6AI score0.07511EPSS
Exploits4References21
Positive Technologies
Positive Technologies
added 2017/01/24 12:0 a.m.10 views

PT-2017-4183 · Php +3 · Php +3

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.6.30 PHP versions 7.0.x prior to 7.0.15 Description: The issue is caused by an integer overflow in the phar parse pharfile function, allowing remote attackers to cause a denial of service, potentially leading to memory...

9.8CVSS8AI score0.42401EPSS
Exploits9References135
ATTACKERKB
ATTACKERKB
added 2017/01/12 12:59 a.m.3 views

CVE-2016-7479

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution...

9.8CVSS6.2AI score0.41943EPSS
Exploits1References10
OSV
OSV
added 2017/01/04 12:0 a.m.4 views

UBUNTU-CVE-2016-9936

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834...

9.8CVSS7.2AI score0.04152EPSS
Exploits2References4
CNVD
CNVD
added 2016/12/30 12:0 a.m.4 views

PHP Standard PHP Library Memory Misreference Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and program extensions in C, C++, etc. The Standard PHP Libra...

7.5CVSS7.7AI score0.42401EPSS
Exploits1References1
CNVD
CNVD
added 2015/08/19 12:0 a.m.5 views

PHP 7 ZEND_HASH_IF_FULL_DO_RESIZE Memory Misreference Vulnerability

PHP foreign name: Hypertext Preprocessor, Chinese name: "Hypertext Preprocessor" is a general-purpose open source scripting language. An internal error misreference vulnerability exists in PHP 7 ZENDHASHIFFULLDORESIZE. When deserializing a string, if the number of elements used in a HashTable has...

6.7AI score
Exploits0References1
Rows per page
Query Builder