Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 3.42%
  • Veröffentlicht 22.05.2016 01:59:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging us...

  • EPSS 1.25%
  • Veröffentlicht 22.05.2016 01:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that perfor...

Exploit
  • EPSS 3.65%
  • Veröffentlicht 22.05.2016 01:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memo...

Exploit
  • EPSS 7.71%
  • Veröffentlicht 22.05.2016 01:59:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trig...

  • EPSS 4.35%
  • Veröffentlicht 22.05.2016 01:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat...

Exploit
  • EPSS 4.03%
  • Veröffentlicht 22.05.2016 01:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML...

Exploit
  • EPSS 4.54%
  • Veröffentlicht 22.05.2016 01:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary ...

Exploit
  • EPSS 7.29%
  • Veröffentlicht 20.05.2016 11:00:18
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute...

  • EPSS 5.93%
  • Veröffentlicht 20.05.2016 11:00:16
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar...

Exploit
  • EPSS 19.46%
  • Veröffentlicht 20.05.2016 11:00:15
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.