CVE-2015-4026
- EPSS 19.68%
- Veröffentlicht 09.06.2015 18:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files wi...
CVE-2015-4025
- EPSS 20.23%
- Veröffentlicht 09.06.2015 18:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with...
- EPSS 50.13%
- Veröffentlicht 09.06.2015 18:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form ...
CVE-2015-4022
- EPSS 20.84%
- Veröffentlicht 09.06.2015 18:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer ove...
- EPSS 21.4%
- Veröffentlicht 09.06.2015 18:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a de...
CVE-2015-3330
- EPSS 14.08%
- Veröffentlicht 09.06.2015 18:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or p...
CVE-2015-3329
- EPSS 38.43%
- Veröffentlicht 09.06.2015 18:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) ph...
CVE-2015-3307
- EPSS 7.7%
- Veröffentlicht 09.06.2015 18:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a craf...
CVE-2015-2783
- EPSS 10.88%
- Veröffentlicht 09.06.2015 18:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length v...
CVE-2015-3456
- EPSS 15.28%
- Veröffentlicht 13.05.2015 18:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_...