Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 4.05%
  • Veröffentlicht 12.09.2016 01:59:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname.

Exploit
  • EPSS 8.83%
  • Veröffentlicht 12.09.2016 01:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is ...

Exploit
  • EPSS 8.83%
  • Veröffentlicht 12.09.2016 01:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is...

Exploit
  • EPSS 6.67%
  • Veröffentlicht 12.09.2016 01:59:08
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an inv...

Exploit
  • EPSS 6.84%
  • Veröffentlicht 12.09.2016 01:59:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, a...

Exploit
  • EPSS 7.77%
  • Veröffentlicht 12.09.2016 01:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memor...

Exploit
  • EPSS 6.84%
  • Veröffentlicht 12.09.2016 01:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impa...

Exploit
  • EPSS 8.82%
  • Veröffentlicht 12.09.2016 01:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-boun...

Exploit
  • EPSS 5.78%
  • Veröffentlicht 12.09.2016 01:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as dem...

Exploit
  • EPSS 16.48%
  • Veröffentlicht 12.09.2016 01:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads...