PHP

All CVEs

763 total · sorted by risk
  • CVE-2014-0237 · Jun 1, 2014
    risk 0.00 · cvss · epss 0.20

    The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.

  • CVE-2014-0185 · May 6, 2014
    risk 0.00 · cvss · epss 0.01

    sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.

  • CVE-2013-7345 · Mar 24, 2014
    risk 0.00 · cvss · epss 0.03

    The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers…

  • CVE-2014-2270 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.04

    softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

  • CVE-2013-4433 · Mar 11, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the run parameter.

  • CVE-2014-1943 · Feb 18, 2014
    risk 0.00 · cvss · epss 0.05

    Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

  • CVE-2014-2020 · Feb 18, 2014
    risk 0.00 · cvss · epss 0.03

    ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x…

  • CVE-2013-7328 · Feb 18, 2014
    risk 0.00 · cvss · epss 0.01

    Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or…

  • CVE-2013-7327 · Feb 18, 2014
    risk 0.00 · cvss · epss 0.03

    The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL…

  • CVE-2013-7226 · Feb 18, 2014
    risk 0.00 · cvss · epss 0.07

    Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a…

  • CVE-2012-1171 · Feb 15, 2014
    risk 0.00 · cvss · epss 0.03

    The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.

  • CVE-2013-6712 · Nov 28, 2013
    risk 0.00 · cvss · epss 0.05

    The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

  • CVE-2013-1824 · Sep 16, 2013
    risk 0.00 · cvss · epss 0.04

    The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the…

  • CVE-2013-4248 · Aug 18, 2013
    risk 0.00 · cvss · epss 0.04

    The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to…

  • CVE-2011-4718 · Aug 13, 2013
    risk 0.00 · cvss · epss 0.04

    Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.

  • CVE-2013-2220 · Jul 31, 2013
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.

  • CVE-2013-4113 · Jul 13, 2013
    risk 0.00 · cvss · epss 0.05

    ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct…

  • CVE-2013-4636 · Jun 21, 2013
    risk 0.00 · cvss · epss 0.02

    The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an…

  • CVE-2013-4635 · Jun 21, 2013
    risk 0.00 · cvss · epss 0.04

    Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.

  • CVE-2012-6113 · Jan 19, 2013
    risk 0.00 · cvss · epss 0.03

    The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.

  • CVE-2012-4388 · Sep 7, 2012
    risk 0.00 · cvss · epss 0.04

    The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted…

  • CVE-2012-2317 · Aug 7, 2012
    risk 0.00 · cvss · epss 0.02

    The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not…

  • CVE-2012-3365 · Jul 20, 2012
    risk 0.00 · cvss · epss 0.03

    The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.

  • CVE-2012-2143 · Jul 5, 2012
    risk 0.00 · cvss · epss 0.06

    The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to…

  • CVE-2012-0057 · Feb 2, 2012
    risk 0.00 · cvss · epss 0.03

    PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.

  • CVE-2011-3379 · Nov 3, 2011
    risk 0.00 · cvss · epss 0.05

    The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.

  • CVE-2011-3268 · Aug 25, 2011
    risk 0.00 · cvss · epss 0.06

    Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.

  • CVE-2011-3267 · Aug 25, 2011
    risk 0.00 · cvss · epss 0.03

    PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors.

  • CVE-2011-3189 · Aug 25, 2011
    risk 0.00 · cvss · epss 0.04

    The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.

  • CVE-2011-2483 · Aug 25, 2011
    risk 0.00 · cvss · epss 0.05

    crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of…

  • CVE-2011-1657 · Aug 25, 2011
    risk 0.00 · cvss · epss 0.05

    The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND.

  • CVE-2011-0441 · Mar 29, 2011
    risk 0.00 · cvss · epss 0.00

    The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/.

  • CVE-2011-1469 · Mar 20, 2011
    risk 0.00 · cvss · epss 0.04

    Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper.

  • CVE-2011-1466 · Mar 20, 2011
    risk 0.00 · cvss · epss 0.06

    Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.

  • CVE-2011-1464 · Mar 20, 2011
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument.

  • CVE-2011-1148 · Mar 18, 2011
    risk 0.00 · cvss · epss 0.05

    Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.

  • CVE-2011-1144 · Mar 3, 2011
    risk 0.00 · cvss · epss 0.00

    The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of…

  • CVE-2011-1072 · Mar 3, 2011
    risk 0.00 · cvss · epss 0.00

    The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.

  • CVE-2011-0755 · Feb 2, 2011
    risk 0.00 · cvss · epss 0.02

    Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.

  • CVE-2011-0754 · Feb 2, 2011
    risk 0.00 · cvss · epss 0.00

    The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat…

  • CVE-2011-0753 · Feb 2, 2011
    risk 0.00 · cvss · epss 0.01

    Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.

  • CVE-2011-0752 · Feb 2, 2011
    risk 0.00 · cvss · epss 0.01

    The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures…

  • CVE-2010-4700 · Jan 18, 2011
    risk 0.00 · cvss · epss 0.01

    The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input…

  • CVE-2010-4699 · Jan 18, 2011
    risk 0.00 · cvss · epss 0.02

    The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and…

  • CVE-2010-4698 · Jan 18, 2011
    risk 0.00 · cvss · epss 0.04

    Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function.

  • CVE-2010-4697 · Jan 18, 2011
    risk 0.00 · cvss · epss 0.02

    Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and…

  • CVE-2006-7243 · Jan 18, 2011
    risk 0.00 · cvss · epss 0.05

    PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists…

  • CVE-2010-4150 · Dec 7, 2010
    risk 0.00 · cvss · epss 0.06

    Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

  • CVE-2009-5016 · Nov 12, 2010
    risk 0.00 · cvss · epss 0.03

    Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different…

  • CVE-2010-3710 · Oct 25, 2010
    risk 0.00 · cvss · epss 0.03

    Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address…
