Vulnerabilities (CVE)

Vendor filter

Php

633 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2018-19518 | 4 Php, University Of Washington, Debian and 1 more | 4 Php, Uw-imap, Debian Linux and 1 more | 2019-03-05 | 8.5
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without...
CVE-2016-5385 | 5 Hp, Php, Oracle and 2 more | 8 System Management Homepage, Php, Fedora and 5 more | 2019-03-04 | 5.1
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote...
CVE-2015-8867 | 2 Php, Canonical | 2 Php, Ubuntu Linux | 2019-02-14 | 5.0
The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to...
CVE-2015-8866 | 2 Php, Canonical | 2 Php, Ubuntu Linux | 2019-02-14 | 6.8
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and...
CVE-2015-8876 | 1 Php | 1 Php | 2019-02-14 | 7.5
Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or...
CVE-2015-8878 | 1 Php | 1 Php | 2019-02-14 | 7.1
main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that...
CVE-2015-1351 | 3 Apple, Oracle, Php | 5 Solaris, Mac Os X, Php and 2 more | 2019-02-04 | 7.5
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2018-19520 | 2 Php, Sdcms | 2 Php, Sdcms | 2019-02-04 | 6.5
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to...
CVE-2006-7086 | 2 Php, Mrcgiguy | 2 Php Perl Hot Links, Php Perl Hot Links | 2019-01-02 | 4.3
The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter.
CVE-2018-19395 | 1 Php | 1 Php | 2018-12-27 | 5.0
ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in...
CVE-2017-9226 | 3 Oniguruma Project, Ruby-lang, Php | 3 Oniguruma, Ruby, Php | 2018-10-31 | 7.5
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers...
CVE-2017-9224 | 3 Oniguruma Project, Ruby-lang, Php | 3 Oniguruma, Ruby, Php | 2018-10-31 | 7.5
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of...
CVE-2015-2787 | 5 Apple, Php, Novell and 2 more | 10 Enterprise Linux Desktop, Php, Enterprise Linux Hpc Node and 7 more | 2018-10-30 | 7.5
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize...
CVE-2015-2331 | 6 Fedoraproject, Debian, Php and 3 more | 6 Libzip, Debian Linux, Php and 3 more | 2018-10-30 | 7.5
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a...
CVE-2015-2348 | 5 Apple, Php, Novell and 2 more | 10 Enterprise Linux Desktop, Php, Enterprise Linux Hpc Node and 7 more | 2018-10-30 | 5.0
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended...
CVE-2013-6712 | 4 Apple, Php, Novell and 1 more | 4 Mac Os X, Php, Opensuse and 1 more | 2018-10-30 | 5.0
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted...
CVE-2013-6420 | 4 Apple, Php, Novell and 1 more | 4 Mac Os X, Php, Opensuse and 1 more | 2018-10-30 | 7.5
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to...
CVE-2014-4049 | 3 Php, Novell, Opensuse | 3 Php, Opensuse, Opensuse | 2018-10-30 | 5.1
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the...
CVE-2016-4541 | 4 Php, Fedoraproject, Novell and 1 more | 4 Leap, Php, Fedora and 1 more | 2018-10-30 | 7.5
The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other...
CVE-2016-4544 | 4 Php, Fedoraproject, Novell and 1 more | 4 Leap, Php, Fedora and 1 more | 2018-10-30 | 7.5
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or...