Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 3.64%
  • Veröffentlicht 02.12.2015 01:59:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrate...

  • EPSS 7.06%
  • Veröffentlicht 02.12.2015 01:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expr...

  • EPSS 6.08%
  • Veröffentlicht 02.12.2015 01:59:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript ...

Exploit
  • EPSS 19.96%
  • Veröffentlicht 09.06.2015 18:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted seria...

Exploit
  • EPSS 12.27%
  • Veröffentlicht 09.06.2015 18:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serial...

Exploit
  • EPSS 19.68%
  • Veröffentlicht 09.06.2015 18:59:08
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files wi...

  • EPSS 20.23%
  • Veröffentlicht 09.06.2015 18:59:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with...

Exploit
  • EPSS 50.13%
  • Veröffentlicht 09.06.2015 18:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form ...

Exploit
  • EPSS 20.84%
  • Veröffentlicht 09.06.2015 18:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer ove...

Exploit
  • EPSS 21.4%
  • Veröffentlicht 09.06.2015 18:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a de...