Total
697 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7774 | 2 Pc-egg, Php | 2 Pwebmanager, Php | 2015-11-16 | 6.5 MEDIUM | N/A |
PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role. | |||||
CVE-2014-8626 | 1 Php | 1 Php | 2015-04-29 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding. | |||||
CVE-2014-9426 | 1 Php | 1 Php | 2015-03-16 | 7.5 HIGH | N/A |
** DISPUTED ** The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable. | |||||
CVE-2014-2020 | 1 Php | 1 Php | 2014-03-07 | 5.0 MEDIUM | N/A |
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226. | |||||
CVE-2013-7328 | 1 Php | 1 Php | 2014-03-07 | 5.8 MEDIUM | N/A |
Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226. | |||||
CVE-2012-1171 | 1 Php | 1 Php | 2014-02-18 | 5.0 MEDIUM | N/A |
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper. | |||||
CVE-2013-1635 | 1 Php | 1 Php | 2014-01-27 | 7.5 HIGH | N/A |
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. | |||||
CVE-2013-1643 | 1 Php | 1 Php | 2014-01-27 | 5.0 MEDIUM | N/A |
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824. | |||||
CVE-2011-1398 | 1 Php | 1 Php | 2013-10-10 | 4.3 MEDIUM | N/A |
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. | |||||
CVE-2013-4635 | 1 Php | 1 Php | 2013-09-11 | 5.0 MEDIUM | N/A |
Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function. | |||||
CVE-2011-4718 | 1 Php | 1 Php | 2013-08-13 | 6.8 MEDIUM | N/A |
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. | |||||
CVE-2013-2220 | 2 Php, Radius Extension Project | 2 Php, Radius | 2013-07-31 | 7.5 HIGH | N/A |
Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value. | |||||
CVE-2013-4636 | 1 Php | 1 Php | 2013-06-24 | 4.3 MEDIUM | N/A |
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object. | |||||
CVE-2013-3735 | 1 Php | 1 Php | 2013-06-02 | 5.0 MEDIUM | N/A |
** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id." | |||||
CVE-2012-3450 | 1 Php | 1 Php | 2013-04-18 | 2.6 LOW | N/A |
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value. | |||||
CVE-2012-5381 | 1 Php | 1 Php | 2013-03-01 | 6.0 MEDIUM | N/A |
** DISPUTED ** Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the PHP installation. | |||||
CVE-2011-3379 | 1 Php | 1 Php | 2012-07-02 | 7.5 HIGH | N/A |
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. | |||||
CVE-2001-1247 | 1 Php | 1 Php | 2012-06-24 | 6.4 MEDIUM | N/A |
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files. | |||||
CVE-2007-1461 | 1 Php | 1 Php | 2011-07-12 | 7.8 HIGH | N/A |
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories. | |||||
CVE-2007-1460 | 1 Php | 1 Php | 2011-05-23 | 5.0 MEDIUM | N/A |
The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories. |