Total
733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6420 | 3 Apple, Opensuse, Php | 3 Mac Os X, Opensuse, Php | 2025-04-11 | 7.5 HIGH | N/A |
|
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
|
|||||
| CVE-2009-5016 | 1 Php | 1 Php | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870.
|
|||||
| CVE-2012-2329 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
|
|||||
| CVE-2011-0708 | 1 Php | 1 Php | 2025-04-11 | 4.3 MEDIUM | N/A |
|
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.
|
|||||
| CVE-2012-2311 | 1 Php | 1 Php | 2025-04-11 | 7.5 HIGH | N/A |
|
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
|
|||||
| CVE-2013-4636 | 1 Php | 1 Php | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object.
|
|||||
| CVE-2011-0421 | 1 Php | 1 Php | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.
|
|||||
| CVE-2010-3062 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.
|
|||||
| CVE-2013-4635 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.
|
|||||
| CVE-2012-0789 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.
|
|||||
| CVE-2010-1864 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.
|
|||||
| CVE-2011-4718 | 1 Php | 1 Php | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
|
|||||
| CVE-2010-1861 | 1 Php | 1 Php | 2025-04-11 | 6.4 MEDIUM | N/A |
|
The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource.
|
|||||
| CVE-2011-0752 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.
|
|||||
| CVE-2013-4113 | 1 Php | 1 Php | 2025-04-11 | 6.8 MEDIUM | N/A |
|
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
|
|||||
| CVE-2011-3182 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/time ...
Show More |
|||||
| CVE-2011-1471 | 1 Php | 1 Php | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.
|
|||||
| CVE-2011-1468 | 1 Php | 1 Php | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function.
|
|||||
| CVE-2012-2376 | 2 Microsoft, Php | 2 Windows, Php | 2025-04-11 | 10.0 HIGH | N/A |
|
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
|
|||||
| CVE-2013-1643 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.
|
|||||
| CVE-2011-0753 | 1 Php | 1 Php | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.
|
|||||
| CVE-2010-1915 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory.
|
|||||
| CVE-2012-3450 | 1 Php | 1 Php | 2025-04-11 | 2.6 LOW | N/A |
|
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.
|
|||||
| CVE-2010-1128 | 1 Php | 1 Php | 2025-04-11 | 6.4 MEDIUM | N/A |
|
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.
|
|||||
| CVE-2012-0057 | 1 Php | 1 Php | 2025-04-11 | 6.4 MEDIUM | N/A |
|
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
|
|||||
| CVE-2012-2143 | 4 Debian, Freebsd, Php and 1 more | 4 Debian Linux, Freebsd, Php and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
|
|||||
| CVE-2010-4409 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.
|
|||||
| CVE-2010-2100 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.
|
|||||
| CVE-2011-3379 | 1 Php | 1 Php | 2025-04-11 | 7.5 HIGH | N/A |
|
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
|
|||||
| CVE-2010-1862 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.
|
|||||
| CVE-2010-3436 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.
|
|||||
| CVE-2011-1467 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.
|
|||||
| CVE-2012-4388 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011- ...
Show More |
|||||
| CVE-2013-7328 | 1 Php | 1 Php | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226.
|
|||||
| CVE-2011-2483 | 3 Openwall, Php, Postgresql | 3 Crypt Blowfish, Php, Postgresql | 2025-04-11 | 5.0 MEDIUM | N/A |
|
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
|
|||||
| CVE-2010-2101 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.
|
|||||
| CVE-2012-0830 | 1 Php | 1 Php | 2025-04-11 | 7.5 HIGH | N/A |
|
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
|
|||||
| CVE-2010-2094 | 1 Php | 1 Php | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_str ...
Show More |
|||||
| CVE-2010-4698 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function.
|
|||||
| CVE-2011-0755 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.
|
|||||