Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 9.32%
  • Veröffentlicht 22.02.2019 23:29:00
  • Zuletzt bearbeitet 21.11.2024 04:50:49

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte ...

Exploit
  • EPSS 7.12%
  • Veröffentlicht 22.02.2019 23:29:00
  • Zuletzt bearbeitet 21.11.2024 04:50:50

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlr...

Exploit
  • EPSS 3.06%
  • Veröffentlicht 22.02.2019 23:29:00
  • Zuletzt bearbeitet 21.11.2024 04:50:50

An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write pas...

Exploit
  • EPSS 5.66%
  • Veröffentlicht 21.02.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:02:09

In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. ...

Exploit
  • EPSS 64.27%
  • Veröffentlicht 27.01.2019 02:29:00
  • Zuletzt bearbeitet 21.11.2024 04:47:20

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This c...

  • EPSS 7.07%
  • Veröffentlicht 07.12.2018 09:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:50

ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.

Exploit
  • EPSS 2.92%
  • Veröffentlicht 25.11.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:05

An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to exe...

Exploit
  • EPSS 95.23%
  • Veröffentlicht 25.11.2018 10:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:04

University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without pre...

Exploit
  • EPSS 4.33%
  • Veröffentlicht 20.11.2018 21:29:01
  • Zuletzt bearbeitet 21.11.2024 03:57:51

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handler...

Exploit
  • EPSS 4.58%
  • Veröffentlicht 20.11.2018 21:29:01
  • Zuletzt bearbeitet 21.11.2024 03:57:51

ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.