Total
706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3132 | 1 Php | 1 Php | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index. | |||||
| CVE-2014-3478 | 2 Christos Zoulas, Php | 2 File, Php | 2016-11-28 | 5.0 MEDIUM | N/A |
| Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. | |||||
| CVE-2014-5120 | 1 Php | 1 Php | 2016-10-26 | 6.4 MEDIUM | N/A |
| gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function. | |||||
| CVE-2002-0717 | 1 Php | 1 Php | 2016-10-18 | 7.5 HIGH | N/A |
| PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed. | |||||
| CVE-2002-0484 | 1 Php | 1 Php | 2016-10-18 | 5.0 MEDIUM | N/A |
| move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. | |||||
| CVE-2002-0253 | 1 Php | 1 Php | 2016-10-18 | 5.0 MEDIUM | N/A |
| PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path. | |||||
| CVE-2002-0229 | 1 Php | 1 Php | 2016-10-18 | 7.5 HIGH | N/A |
| Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements. | |||||
| CVE-2002-0081 | 1 Php | 1 Php | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled. | |||||
| CVE-2001-1385 | 2 Mandrakesoft, Php | 2 Mandrake Linux, Php | 2016-10-18 | 5.0 MEDIUM | N/A |
| The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts. | |||||
| CVE-2010-3710 | 1 Php | 1 Php | 2016-08-23 | 4.3 MEDIUM | N/A |
| Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. | |||||
| CVE-2010-2484 | 1 Php | 1 Php | 2016-08-23 | 5.0 MEDIUM | N/A |
| The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. | |||||
| CVE-2010-2101 | 1 Php | 1 Php | 2016-08-23 | 5.0 MEDIUM | N/A |
| The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | |||||
| CVE-2010-2100 | 1 Php | 1 Php | 2016-08-23 | 5.0 MEDIUM | N/A |
| The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | |||||
| CVE-2010-2097 | 1 Php | 1 Php | 2016-08-23 | 5.0 MEDIUM | N/A |
| The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | |||||
| CVE-2010-1864 | 1 Php | 1 Php | 2016-08-23 | 5.0 MEDIUM | N/A |
| The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | |||||
| CVE-2010-1862 | 1 Php | 1 Php | 2016-08-23 | 5.0 MEDIUM | N/A |
| The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | |||||
| CVE-2010-1860 | 1 Php | 1 Php | 2016-08-23 | 5.0 MEDIUM | N/A |
| The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature. | |||||
| CVE-2016-3171 | 3 Debian, Drupal, Php | 3 Debian Linux, Drupal, Php | 2016-05-09 | 6.8 MEDIUM | 8.1 HIGH |
| Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation. | |||||
| CVE-2016-3167 | 3 Debian, Drupal, Php | 3 Debian Linux, Drupal, Php | 2016-04-19 | 6.4 MEDIUM | 7.4 HIGH |
| Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter. | |||||
| CVE-2015-8616 | 1 Php | 1 Php | 2016-01-22 | 7.5 HIGH | 8.6 HIGH |
| Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer and a destroyed array. | |||||