CVE-2015-8387
- EPSS 3.64%
- Veröffentlicht 02.12.2015 01:59:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrate...
CVE-2015-8386
- EPSS 7.06%
- Veröffentlicht 02.12.2015 01:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expr...
CVE-2015-8383
- EPSS 6.08%
- Veröffentlicht 02.12.2015 01:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript ...
- EPSS 19.96%
- Veröffentlicht 09.06.2015 18:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted seria...
CVE-2015-4147
- EPSS 12.27%
- Veröffentlicht 09.06.2015 18:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serial...
CVE-2015-4026
- EPSS 19.68%
- Veröffentlicht 09.06.2015 18:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files wi...
CVE-2015-4025
- EPSS 20.23%
- Veröffentlicht 09.06.2015 18:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with...
- EPSS 50.13%
- Veröffentlicht 09.06.2015 18:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form ...
CVE-2015-4022
- EPSS 20.84%
- Veröffentlicht 09.06.2015 18:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer ove...
- EPSS 21.4%
- Veröffentlicht 09.06.2015 18:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a de...