Lucene search
K

46 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:11 p.m.28 views

K12253: PHP vulnerability CVE-2010-2225

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.5CVSS9.8AI score0.05342EPSS
Exploits1
Veracode
Veracode
added 2019/01/15 8:53 a.m.34 views

Remote Code Execution (RCE)

php is vulnerable to remote code execution RCE attacks. The vulnerability exists through a format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary cod...

6.8CVSS7.1AI score0.12652EPSS
Exploits2References15Affected Software2
Tenable Nessus
Tenable Nessus
added 2014/07/31 12:0 a.m.34 views

openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)

php5 was updated to fix security issues : CVE-2014-4670: Use-after-free vulnerability in ext/spl/spldllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in...

4.6CVSS0.5AI score0.05868EPSS
Exploits1References6
seebug.org
seebug.org
added 2013/12/18 12:0 a.m.113 views

PHP OpenSSL Extension 'openssl_x509_parse()'内存破坏漏洞

BUGTRAQ ID: 64225 CVECAN ID: CVE-2013-6420 PHP 5.3.27之前版本、5.4.22之前版本、5.5.6之前版本解析x.509证书时,"asn1timetotimet"函数ext/openssl/openssl.c出错,攻击者通过特制的x.509证书利用此漏洞可破坏内存。 0 PHP PHP 5.5.x PHP PHP 5.4.x PHP PHP 5.3.x 厂商补丁: PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.php.net...

7.5CVSS7.5AI score0.35635EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2013/07/16 12:0 a.m.33 views

PHP 5.3.x < 5.3.27 Information Disclosure

Binary data 801404.prm...

6.8CVSS7.9AI score0.05186EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/06/07 12:0 a.m.49 views

PHP 5.3.x < 5.3.26 Multiple Vulnerabilities

According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.26. It is, therefore, potentially affected by the following vulnerabilities: - An error exists in the function 'phpquotprintencode' in the file 'ext/standard/quotprint.c' that could allow a heap-based...

5CVSS8.4AI score0.06748EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2013/03/04 12:0 a.m.35 views

PHP 5.3.x < 5.3.22 Multiple Vulnerabilities

According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.22. It is, therefore, potentially affected by the following vulnerabilities : - An error exists in the file 'ext/soap/soap.c' related to the 'soap.wsdlcachedir' configuration directive and writing cache...

7.5CVSS8.3AI score0.10136EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2013/03/04 12:0 a.m.27 views

PHP 5.3.x < 5.3.22 Multiple Vulnerabilities

Binary data 801086.prm...

7.5CVSS7.9AI score0.10136EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2013/01/22 12:0 a.m.20 views

PHP 5.3.x < 5.3.21 cURL X.509 Certificate Domain Name Matching MiTM Weakness

Binary data 6671.prm...

5.8CVSS7.3AI score0.00601EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2013/01/22 12:0 a.m.11 views

PHP 5.3.x < 5.3.21 cuRL X.509 Certificate Domain Name Matching MiTM Weakness

Binary data 801093.prm...

7.3AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2012/08/28 12:0 a.m.34 views

PHP 5.3.x < 5.3.15 Multiple Vulnerabilities

Binary data 6556.prm...

10CVSS8AI score0.10467EPSS
Exploits2References3
Prion
Prion
added 2012/08/07 7:55 p.m.22 views

Authentication flaw

The Debian phpcryptrevamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty...

4.3CVSS7.7AI score0.02456EPSS
Exploits0References4Affected Software3
Cvelist
Cvelist
added 2012/08/07 7:0 p.m.30 views

CVE-2012-2317

The Debian phpcryptrevamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty...

7AI score0.02456EPSS
Exploits0References4
seebug.org
seebug.org
added 2012/05/09 12:0 a.m.55 views

PHP 5.3.x目录遍历漏洞

BUGTRAQ ID: 53403 CVE ID: CVE-2012-1172 PHP是一种HTML内嵌式的语言,PHP与微软的ASP颇有几分相似,都是一种在服务器端执行的嵌入HTML文档的脚本语言,语言的风格有类似于C语言,现在被很多的网站编程人员广泛的运用。 PHP在实现上存在目录遍历漏洞,远程攻击者可利用带有目录遍历序列的特制请求检索、破坏或上传任意位置上的任意文件。 0 PHP 5.3.x 厂商补丁: PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.php.net...

5.8CVSS9.6AI score0.06365EPSS
Exploits2
seebug.org
seebug.org
added 2012/02/13 12:0 a.m.68 views

PHP 'magic_quotes_gpc'安全绕过漏洞(CVE-2012-0831)

Bugtraq ID: 51954 CVE ID:CVE-2012-0831 Php存在一个安全漏洞允许远程禁用magicquotesgpc,这允许远程攻击者绕过防止SQL注入的限制 0 PHP 5.3.8 PHP 5.3.7 PHP 5.3.6 PHP 5.3.2 PHP 5.2.4 PHP 5.3.5 PHP 5.3.4 PHP 5.3.3 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: https://bugs.php.net/bug.php?id=61043...

6.8CVSS9.5AI score0.06709EPSS
Exploits2
Packet Storm
Packet Storm
added 2012/01/01 12:0 a.m.127 views

PHP 5.3.x Hashtables Proof Of Concept

...

5CVSS9.6AI score0.83911EPSS
Exploits15
seebug.org
seebug.org
added 2011/08/31 12:0 a.m.14 views

PHP 5.3.x md5计算函数crypt漏洞导致安全模式绕过

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2011/04/28 12:0 a.m.11 views

PHP 5.2.x<5.2.14,5.3.x<5.3.3 addcslashes函数信息泄露漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2011/03/18 12:0 a.m.59 views

PHP &quot;substr_replace()&quot;释放后重用远程内存破坏漏洞

BUGTRAQ ID: 46843 CVE ID: CVE-2011-1148 PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的"substrreplace"函数在实现上存在释放后重用远程内存破坏漏洞,远程攻击者可利用此漏洞在网络服务器中执行任意代码,造成拒绝服务。 此漏洞源于在将同一个变量多次发送到"substrreplace"函数时,PHP会使该函数中的三个变量使用同一个指针,所以当函数中的类型转换更改了该指针,该指针也会使其他变量无效。 PHP PHP 5.3.x PHP PHP 5.2.x 厂商补丁: PHP ---...

7.5CVSS8.2AI score0.04609EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2011/03/18 12:0 a.m.88 views

PHP 5.3 < 5.3.6 Multiple Vulnerabilities

According to its banner, the version of PHP 5.3.x installed on the remote host is older than 5.3.6. - A NULL pointer can be dereferenced in the function 'zipnamelocate' when processing empty archives and can lead to application crashes or code execution. Exploitation requires the...

7.5CVSS8.9AI score0.17881EPSS
Exploits25References23
Rows per page
Query Builder