CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

7.5CVSS0.00589EPSS

Exploits0References3

Cvelist•added 2025/03/30 5:43 a.m.•11 views

CVE-2025-1734 Streams HTTP wrapper does not fail for headers with invalid name and no colon

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when receiving headers from HTTP server, the headers missing a colon : are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers...

6.3CVSS0.00757EPSS

Exploits0References1

OSV•added 2025/01/14 7:20 p.m.•15 views

BIT-PHP-MIN-2024-11233 Single byte overread with convert.quoted-printable-decode filter

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas...

8.2CVSS7.3AI score0.00728EPSS

Exploits1References4

OSV•added 2016/07/25 2:59 p.m.•6 views

CVE-2016-6292

The exifprocessusercomment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted JPEG image...

6.5CVSS7.5AI score

Exploits0References12

OSV•added 2016/05/20 11:0 a.m.•5 views

CVE-2016-4072

The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the pharanalyzepath function in ext/phar/phar.c...

9.8CVSS9.7AI score

Exploits0References17

seebug.org•added 2014/07/01 12:0 a.m.•12 views

PHP < 4.4.5 / 5.2.1 php_binary Session Deserialization Information Leak

No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...

7.1AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•12 views

PHP < 4.4.5 / 5.2.1 (shmop) SSL RSA Private-Key Disclosure Exploit

7.1AI score

Exploits0

Tenable Nessus•added 2005/01/08 12:0 a.m.•19 views

PHP < 5.0.2 Open Bracket Memory Disclosure

Binary data 2354.prm...

5CVSS7.3AI score0.08338EPSS

Exploits0References3

0day.today•added 2004/12/17 12:0 a.m.•164 views

PHP <= 4.3.9 & phpBB 2.x with unserialize() Remote Exploit (compiled)

Exploit for unknown platform in category web applications ===================================================================== PHP tested : phpbbmemorydump.exe "http://site.com/phpbb/" 30000 -cookiename=phpbb2support a.txt result: - string detected : /home/virtual/site.com/phpBB/config.php -...

7.1AI score

Exploits0

NVD•added 2004/11/23 5:0 a.m.•12 views

CVE-2004-0263

PHP 4.3.4 and earlier in Apache 1.x and 2.x modphp can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information...

5CVSS6.5AI score0.01712EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by