Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.51%
  • Veröffentlicht 06.05.2014 10:44:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.

Exploit
  • EPSS 3.04%
  • Veröffentlicht 24.03.2014 16:31:08
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a cra...

Exploit
  • EPSS 22.32%
  • Veröffentlicht 21.03.2014 14:55:12
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

  • EPSS 4.32%
  • Veröffentlicht 14.03.2014 15:55:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

  • EPSS 5.07%
  • Veröffentlicht 18.02.2014 19:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

  • EPSS 2.53%
  • Veröffentlicht 18.02.2014 11:55:17
  • Zuletzt bearbeitet 29.04.2026 01:13:23

ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function...

  • EPSS 1.49%
  • Veröffentlicht 18.02.2014 11:55:16
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a nega...

  • EPSS 6.73%
  • Veröffentlicht 18.02.2014 11:55:03
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dim...

  • EPSS 2.68%
  • Veröffentlicht 18.02.2014 11:55:03
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments t...

  • EPSS 2.81%
  • Veröffentlicht 15.02.2014 14:57:07
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.