Lucene search

K

PHP Security Vulnerabilities

cve
cve

CVE-2017-7272

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead...

7.4CVSS

7.4AI Score

0.003EPSS

2017-03-27 05:59 PM
135
cve
cve

CVE-2017-6485

A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in.....

6.1CVSS

5.8AI Score

0.001EPSS

2017-03-05 08:59 PM
25
cve
cve

CVE-2015-8994

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details.....

7.5CVSS

7.4AI Score

0.004EPSS

2017-03-02 06:59 AM
462
cve
cve

CVE-2016-6175

Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms...

9.8CVSS

9.5AI Score

0.276EPSS

2017-02-07 03:59 PM
38
cve
cve

CVE-2017-5630

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess...

7.5CVSS

7.2AI Score

0.015EPSS

2017-02-01 11:59 PM
31
cve
cve

CVE-2016-10158

The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by.....

7.5CVSS

8.1AI Score

0.044EPSS

2017-01-24 09:59 PM
105
4
cve
cve

CVE-2016-10161

The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data...

7.5CVSS

8.1AI Score

0.036EPSS

2017-01-24 09:59 PM
89
4
cve
cve

CVE-2016-10162

The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a...

7.5CVSS

8.1AI Score

0.014EPSS

2017-01-24 09:59 PM
51
cve
cve

CVE-2016-10159

Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR...

7.5CVSS

8.3AI Score

0.582EPSS

2017-01-24 09:59 PM
104
4
cve
cve

CVE-2016-10160

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias...

9.8CVSS

9.7AI Score

0.024EPSS

2017-01-24 09:59 PM
115
3
cve
cve

CVE-2016-5873

Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a...

9.8CVSS

9.8AI Score

0.056EPSS

2017-01-23 09:59 PM
19
cve
cve

CVE-2016-7479

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code...

9.8CVSS

9.7AI Score

0.01EPSS

2017-01-12 12:59 AM
69
cve
cve

CVE-2016-7480

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized...

9.8CVSS

9.6AI Score

0.005EPSS

2017-01-11 07:59 AM
75
4
cve
cve

CVE-2017-5340

Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function.....

9.8CVSS

9.7AI Score

0.487EPSS

2017-01-11 06:59 AM
69
4
cve
cve

CVE-2016-7478

Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to...

7.5CVSS

7AI Score

0.103EPSS

2017-01-11 06:59 AM
187
4
cve
cve

CVE-2016-9936

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for...

9.8CVSS

8.7AI Score

0.201EPSS

2017-01-04 08:59 PM
58
cve
cve

CVE-2014-9912

The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or...

9.8CVSS

9.7AI Score

0.011EPSS

2017-01-04 08:59 PM
176
cve
cve

CVE-2016-9934

ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow...

7.5CVSS

7.5AI Score

0.061EPSS

2017-01-04 08:59 PM
91
cve
cve

CVE-2016-9933

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call...

7.5CVSS

7.3AI Score

0.136EPSS

2017-01-04 08:59 PM
93
4
cve
cve

CVE-2016-9138

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with...

9.8CVSS

9.8AI Score

0.007EPSS

2017-01-04 08:59 PM
95
cve
cve

CVE-2016-9935

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML...

9.8CVSS

9.8AI Score

0.029EPSS

2017-01-04 08:59 PM
113
4
cve
cve

CVE-2016-7568

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and...

9.8CVSS

9.1AI Score

0.011EPSS

2016-09-28 08:59 PM
109
cve
cve

CVE-2016-7418

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML...

7.5CVSS

8.4AI Score

0.026EPSS

2016-09-17 09:59 PM
108
4
cve
cve

CVE-2016-7417

ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized...

9.8CVSS

8.4AI Score

0.013EPSS

2016-09-17 09:59 PM
147
4
cve
cve

CVE-2016-7416

ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact...

7.5CVSS

8.3AI Score

0.037EPSS

2016-09-17 09:59 PM
123
cve
cve

CVE-2016-7414

The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted...

9.8CVSS

8.2AI Score

0.022EPSS

2016-09-17 09:59 PM
147
4
cve
cve

CVE-2016-7413

Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field...

9.8CVSS

8.4AI Score

0.017EPSS

2016-09-17 09:59 PM
150
cve
cve

CVE-2016-7412

ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field...

8.1CVSS

8.4AI Score

0.016EPSS

2016-09-17 09:59 PM
125
cve
cve

CVE-2016-7411

ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed...

9.8CVSS

8.3AI Score

0.018EPSS

2016-09-17 09:59 PM
145
4
cve
cve

CVE-2016-7134

ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a...

9.8CVSS

8.9AI Score

0.042EPSS

2016-09-12 01:59 AM
40
cve
cve

CVE-2016-7133

Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long...

8.1CVSS

8.8AI Score

0.012EPSS

2016-09-12 01:59 AM
42
cve
cve

CVE-2016-7132

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as...

7.5CVSS

7.9AI Score

0.012EPSS

2016-09-12 01:59 AM
78
cve
cve

CVE-2016-7131

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as...

7.5CVSS

7.7AI Score

0.012EPSS

2016-09-12 01:59 AM
66
cve
cve

CVE-2016-7130

The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a...

7.5CVSS

7.9AI Score

0.022EPSS

2016-09-12 01:59 AM
68
4
cve
cve

CVE-2016-7129

The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that...

9.8CVSS

7.9AI Score

0.013EPSS

2016-09-12 01:59 AM
119
4
cve
cve

CVE-2016-7128

The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF...

5.3CVSS

6.7AI Score

0.005EPSS

2016-09-12 01:59 AM
76
4
cve
cve

CVE-2016-7127

The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second...

9.8CVSS

7.8AI Score

0.022EPSS

2016-09-12 01:59 AM
93
4
cve
cve

CVE-2016-7126

The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other...

9.8CVSS

7.7AI Score

0.022EPSS

2016-09-12 01:59 AM
92
4
cve
cve

CVE-2016-7125

ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object...

7.5CVSS

7.3AI Score

0.006EPSS

2016-09-12 01:59 AM
77
cve
cve

CVE-2016-7124

ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method...

9.8CVSS

7.9AI Score

0.028EPSS

2016-09-12 01:59 AM
115
cve
cve

CVE-2016-5430

The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack...

5.3CVSS

5.1AI Score

0.001EPSS

2016-09-03 08:59 PM
16
4
cve
cve

CVE-2016-5429

jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and...

3.7CVSS

4.1AI Score

0.002EPSS

2016-09-03 08:59 PM
24
cve
cve

CVE-2016-4851

Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote attackers to inject arbitrary web script or HTML via unspecified...

6.1CVSS

5.9AI Score

0.001EPSS

2016-09-02 01:59 AM
20
cve
cve

CVE-2016-6207

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified...

6.5CVSS

6.7AI Score

0.02EPSS

2016-08-12 03:59 PM
122
4
cve
cve

CVE-2016-6128

The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color...

7.5CVSS

6.7AI Score

0.034EPSS

2016-08-07 10:59 AM
75
cve
cve

CVE-2016-5773

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application...

9.8CVSS

8.3AI Score

0.063EPSS

2016-08-07 10:59 AM
191
cve
cve

CVE-2016-5772

Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is...

9.8CVSS

8.4AI Score

0.02EPSS

2016-08-07 10:59 AM
123
2
cve
cve

CVE-2016-5771

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted...

9.8CVSS

8.2AI Score

0.014EPSS

2016-08-07 10:59 AM
160
4
cve
cve

CVE-2016-5770

Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to...

9.8CVSS

8.3AI Score

0.06EPSS

2016-08-07 10:59 AM
166
4
cve
cve

CVE-2016-5769

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length...

9.8CVSS

9.8AI Score

0.05EPSS

2016-08-07 10:59 AM
146
4
Total number of security vulnerabilities1262