PHP SPL Extended Integer Overflow Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community.SPL Standard PHP Library is a collection of interfaces and class extensions for solving typical problems. SPL Standard PHP Library is an extensio...

PHP Gettext Remote Code Execution Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and program extensions in C, C++, etc. Gettext is one of the...

PHP Remote Code Execution Vulnerability (CNVD-2016-05253)

PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A remote code execution vulnerability exists in versions of PHP prior to 5.5.36. An attacker could exploit this...

PHP suffers from httpoxy remote proxy infection vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. httpoxy is a set of vulnerabilities that affect application code running in a CGI environment. The vulnerabilities exist primarily in multiple w...

PHP '_php_mb_regex_ereg_replace_exec' function double release vulnerability

PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A double-release vulnerability exists in PHP's phpmbregexeregreplaceexec function, which can be exploited by an...

PHP 'wddx_deserialize' function double release vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A double-release vulnerability exists in PHP's wddxdeserialize function, which can be exploited by a remote attacker to execute arbitrary code...

UBUNTU-CVE-2016-5771

splarray.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash via crafted...

PHP Double Release Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...

UBUNTU-CVE-2015-8873

Stack consumption vulnerability in Zend/zendexceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service segmentation fault via recursive method calls...

PHP integer overflow vulnerability (CNVD-2016-02715)

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. An integer overflow vulnerability exists in PHP, which can be exploited by remote attackers to cause a denial of service crash...

UBUNTU-CVE-2015-5660

Cross-site request forgery CSRF vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code...

PHP 'valuePop()' Function Denial of Service Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A denial of service vulnerability exists in PHP. An attacker could exploit this vulnerability to cause a denial of service...

PHP 'php_var_unserialize()' function code execution vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A code execution vulnerability exists in PHP. An attacker could exploit this vulnerability to execute arbitrary code, which could also result in...

PHP PCRE extension has multiple vulnerabilities

PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. PHP suffers from a heap buffer overflow and denial of service vulnerability in the PCRE extension, which can be exploited by an attacker to cause an applicatio...

Updated wesnoth packages fix security vulnerability

Toom Lõhmus discovered that the Lua API and preprocessor in the Battle for Wesnoth game up to version 1.12.2 included could lead to client-side authentication information disclosure using maliciously crafted files with the .pdb extension CVE-2015-5069, CVE-2015-5070. This issue has been fixed usi...

Updated wesnoth packages fix security vulnerability

Toom Lõhmus discovered that the Lua API and preprocessor in the Battle for Wesnoth game up to version 1.12.2 included could lead to client-side authentication information disclosure using maliciously crafted files with the .pdb extension CVE-2015-5069, CVE-2015-5070. This issue has been fixed in...

PHP Remote Denial of Service Vulnerability

PHP foreign name: PHP: Hypertext Preprocessor, Chinese name: "Hypertext Preprocessor" is a general-purpose open source scripting language. PHP has a remote denial of service vulnerability that can be exploited by attackers to crash an application and deny service to legitimate users...

php: Double-free in zend_ts_hash_graceful_destroy()

A double free flaw was found in zendtshashgracefuldestroy function in the PHP ZTS module. This flaw could possibly cause a PHP application to crash...

Zeuscart Information Disclosure Vulnerability

ZeusCart is an open source shopping system based on PHP and MySQL designed for small and medium-sized online stores. A security vulnerability exists in ZeusCart version 4. A remote attacker can exploit the vulnerability to obtain configuration information by calling the 'phpinfo' function in admi...

UBUNTU-CVE-2014-8142

Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys...