Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 5.72%
  • Veröffentlicht 20.05.2016 11:00:14
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode f...

Exploit
  • EPSS 4.99%
  • Veröffentlicht 20.05.2016 10:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a de...

  • EPSS 3.15%
  • Veröffentlicht 16.05.2016 10:59:27
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (...

Exploit
  • EPSS 11%
  • Veröffentlicht 16.05.2016 10:59:26
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive...

Exploit
  • EPSS 8.28%
  • Veröffentlicht 16.05.2016 10:59:25
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.

Exploit
  • EPSS 3.88%
  • Veröffentlicht 16.05.2016 10:59:24
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.

  • EPSS 1.73%
  • Veröffentlicht 16.05.2016 10:59:23
  • Zuletzt bearbeitet 06.05.2026 22:30:45

ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issu...

  • EPSS 6.2%
  • Veröffentlicht 16.05.2016 10:59:22
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type ...

  • EPSS 7.28%
  • Veröffentlicht 16.05.2016 10:59:21
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding wi...

  • EPSS 6.57%
  • Veröffentlicht 16.05.2016 10:59:20
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding wi...