PHP

All CVEs

764 total · sorted by risk
  • CVE-2011-3182 · Aug 25, 2011
    risk 0.05 · cvss · epss 0.19

    PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the…

  • CVE-2011-2202 · Jun 16, 2011
    risk 0.05 · cvss · epss 0.19

    The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a…

  • CVE-2011-1938 · May 31, 2011
    risk 0.05 · cvss · epss 0.23

    Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.

  • CVE-2010-4409 · Dec 6, 2010
    risk 0.05 · cvss · epss 0.19

    Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.

  • CVE-2006-1490 · Mar 29, 2006
    risk 0.05 · cvss · epss 0.21

    PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue…

  • CVE-2003-0172 · Apr 2, 2003
    risk 0.05 · cvss · epss 0.19

    Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument.

  • CVE-2002-2029 · Dec 31, 2002
    risk 0.05 · cvss · epss 0.25

    PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.

  • CVE-2000-0967 · Dec 19, 2000
    risk 0.05 · cvss · epss 0.21

    PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

  • CVE-2015-4024 · Jun 9, 2015
    risk 0.04 · cvss · epss 0.50

    Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an…

  • CVE-2014-8142 · Dec 20, 2014
    risk 0.04 · cvss · epss 0.53

    Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper…

  • CVE-2011-1398 · Aug 30, 2012
    risk 0.04 · cvss · epss 0.10

    The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to…

  • CVE-2012-3450 · Aug 6, 2012
    risk 0.04 · cvss · epss 0.11

    pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash)…

  • CVE-2012-0789 · Feb 14, 2012
    risk 0.04 · cvss · epss 0.08

    Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.

  • CVE-2012-0788 · Feb 14, 2012
    risk 0.04 · cvss · epss 0.09

    The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start…

  • CVE-2012-0781 · Jan 18, 2012
    risk 0.04 · cvss · epss 0.11

    The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability…

  • CVE-2011-4153 · Jan 18, 2012
    risk 0.04 · cvss · epss 0.12

    PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted…

  • CVE-2011-1471 · Mar 20, 2011
    risk 0.04 · cvss · epss 0.13

    Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.

  • CVE-2011-1470 · Mar 20, 2011
    risk 0.04 · cvss · epss 0.10

    The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.

  • CVE-2011-1468 · Mar 20, 2011
    risk 0.04 · cvss · epss 0.13

    Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function.

  • CVE-2011-1467 · Mar 20, 2011
    risk 0.04 · cvss · epss 0.13

    Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.

  • CVE-2011-0708 · Mar 20, 2011
    risk 0.04 · cvss · epss 0.10

    exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.

  • CVE-2011-0421 · Mar 20, 2011
    risk 0.04 · cvss · epss 0.14

    The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP…

  • CVE-2011-1092 · Mar 15, 2011
    risk 0.04 · cvss · epss 0.18

    Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function.

  • CVE-2011-0420 · Feb 19, 2011
    risk 0.04 · cvss · epss 0.14

    The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.

  • CVE-2010-4645 · Jan 11, 2011
    risk 0.04 · cvss · epss 0.15

    strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly…

  • CVE-2010-3870 · Nov 12, 2010
    risk 0.04 · cvss · epss 0.11

    The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted…

  • CVE-2010-4156 · Nov 10, 2010
    risk 0.04 · cvss · epss 0.13

    The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).

  • CVE-2010-3709 · Nov 9, 2010
    risk 0.04 · cvss · epss 0.13

    The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.

  • CVE-2010-2094 · May 27, 2010
    risk 0.04 · cvss · epss 0.13

    Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1)…

  • CVE-2010-1130 · Mar 26, 2010
    risk 0.04 · cvss · epss 0.09

    session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument…

  • CVE-2010-1128 · Mar 26, 2010
    risk 0.04 · cvss · epss 0.08

    The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid…

  • CVE-2010-0397 · Mar 16, 2010
    risk 0.04 · cvss · epss 0.12

    The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and…

  • CVE-2009-4142 · Dec 21, 2009
    risk 0.04 · cvss · epss 0.07

    The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte…

  • CVE-2009-2626 · Dec 1, 2009
    risk 0.04 · cvss · epss 0.08

    The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the…

  • CVE-2009-4018 · Nov 29, 2009
    risk 0.04 · cvss · epss 0.11

    The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary…

  • CVE-2009-4017 · Nov 24, 2009
    risk 0.04 · cvss · epss 0.12

    PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to…

  • CVE-2008-5498 · Dec 26, 2008
    risk 0.04 · cvss · epss 0.09

    Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.

  • CVE-2008-5625 · Dec 17, 2008
    risk 0.04 · cvss · epss 0.07

    PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.

  • CVE-2008-2666 · Jun 20, 2008
    risk 0.04 · cvss · epss 0.14

    Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok…

  • CVE-2007-3997 · Sep 4, 2007
    risk 0.04 · cvss · epss 0.14

    The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.

  • CVE-2007-4596 · Aug 30, 2007
    risk 0.04 · cvss · epss 0.08

    The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.

  • CVE-2007-4586 · Aug 29, 2007
    risk 0.04 · cvss · epss 0.09

    Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate…

  • CVE-2007-4255 · Aug 8, 2007
    risk 0.04 · cvss · epss 0.09

    Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.

  • CVE-2007-4033 · Jul 27, 2007
    risk 0.04 · cvss · epss 0.19

    Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll…

  • CVE-2007-3806 · Jul 17, 2007
    risk 0.04 · cvss · epss 0.11

    The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to…

  • CVE-2007-3799 · Jul 16, 2007
    risk 0.04 · cvss · epss 0.08

    The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the…

  • CVE-2007-3294 · Jun 20, 2007
    risk 0.04 · cvss · epss 0.09

    Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the…

  • CVE-2007-2872 · Jun 4, 2007
    risk 0.04 · cvss · epss 0.09

    Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.

  • CVE-2007-0448 · May 24, 2007
    risk 0.04 · cvss · epss 0.07

    The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.

  • CVE-2007-2519 · May 22, 2007
    risk 0.04 · cvss · epss 0.07

    Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the…

Page 7 of 16