CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cross-site scripting XSS vulnerability in the WddxPacket::recursiveAddVar function in HHVM aka the HipHop Virtual Machine before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddxserializevalue function...

4.3CVSS5.9AI score0.02155EPSS

Exploits1References3

Veracode•added 2019/05/16 2:59 a.m.•24 views

Null Pointer Dereference

PHP is vulnerable to null pointer deference vulnerability. The vulnerability exists in the phpwddxpopelement function in ext/wddx/wddx.c in PHP. Remote attackers could cause a denial of service via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddxdeserializ...

7.5CVSS8.2AI score0.05879EPSS

Exploits0References8Affected Software1

Veracode•added 2019/05/16 2:59 a.m.•34 views

Out-Of-Bounds Read

PHP is vulnerable to out-of-bounds read attacks. This exists in the phpwddxpushelement function in ext/wddx/wddx.c which allows remote attackers to cause a denial of service or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...

9.8CVSS9.6AI score0.06974EPSS

Exploits0References14Affected Software1

Veracode•added 2019/05/16 2:59 a.m.•49 views

Null Pointer Dereference

PHP is vulnerable to null pointer dereference vulnerability. This exists in ext/wddx/wddx.c which allows remote attackers to cause a denial of service via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string...

7.5CVSS8.1AI score0.06789EPSS

Exploits0References12Affected Software1

Veracode•added 2019/05/16 2:59 a.m.•34 views

Use After Free

PHP is vulnerable to use after free vulnerability. The vulnerability exists in the wddxstackdestroy function in ext/wddx/wddx.c in PHP. Remote attackers could cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset...

9.8CVSS9.8AI score0.06654EPSS

Exploits1References12Affected Software1

BDU FSTEC•added 2017/07/14 12:0 a.m.•4 views

The vulnerability of the php_wddx_push_element function in the PHP interpreter allows a hacker to trigger a service failure or exert other effects.

The vulnerability of the phpwddxpushelement function in the PHP interpreter arises from reading beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures or other effects such as reading beyond the memory limit, causing memory...

7.5CVSS7.7AI score0.06974EPSS

Exploits0References10Affected Software1

Ubuntu•added 2017/02/14 6:44 p.m.•125 views

USN-3196-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain arguments to the localegetdisplayname function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2014-9912 It was discovered that PHP incorrectly handled...

9.8CVSS8.1AI score0.42401EPSS

Exploits3

Prion•added 2017/01/24 9:59 p.m.•23 views

Null pointer dereference

The phpwddxpopelement function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a...

5CVSS7AI score0.05879EPSS

Exploits0References6Affected Software1

Debian CVE•added 2017/01/24 9:0 p.m.•25 views

CVE-2016-10162

Removed by vendor...

7.5CVSS8.6AI score0.05879EPSS

Exploits0

Prion•added 2017/01/04 8:59 p.m.•33 views

Null pointer dereference

ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service NULL pointer dereference via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string...

5CVSS7AI score0.06789EPSS

Exploits0References10Affected Software1

OSV•added 2017/01/04 8:59 p.m.•41 views

CVE-2016-9935

The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service out-of-bounds read and memory corruption or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...

9.8CVSS7.7AI score

Exploits0References12

NVD•added 2017/01/04 8:59 p.m.•27 views

CVE-2016-9935

9.8CVSS9.9AI score0.06974EPSS

Exploits0References12

CVE•added 2017/01/04 8:0 p.m.•373 views

CVE-2016-9934

CVE-2016-9934 affects PHP’s WDDX extension (ext/wddx/wddx.c) in PHP before 5.6.28 and 7.x before 7.0.13, allowing remote attackers to cause a denial of service via crafted serialized data in a wddxPacket XML document (demonstrated by a PDORow string). Connected advisories corroborate the issue ac...

7.5CVSS7.5AI score0.06789EPSS

Exploits0References10Affected Software1

EUVD•added 2017/01/04 8:0 p.m.•3 views

EUVD-2016-10721

7.5CVSS7.4AI score0.06789EPSS

Exploits0References16