Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 9.75%
  • Veröffentlicht 06.03.2013 13:10:27
  • Zuletzt bearbeitet 29.04.2026 01:13:23

ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggeri...

  • EPSS 10.14%
  • Veröffentlicht 06.03.2013 13:10:27
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity...

  • EPSS 2.54%
  • Veröffentlicht 19.01.2013 21:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.

Exploit
  • EPSS 0.85%
  • Veröffentlicht 11.10.2012 10:51:57
  • Zuletzt bearbeitet 16.06.2026 23:46:46

Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP directory, which may be added to the P...

Exploit
  • EPSS 4.23%
  • Veröffentlicht 07.09.2012 22:55:02
  • Zuletzt bearbeitet 16.06.2026 23:44:55

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protec...

  • EPSS 10.17%
  • Veröffentlicht 30.08.2012 22:55:02
  • Zuletzt bearbeitet 16.06.2026 23:29:16

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a...

  • EPSS 11.18%
  • Veröffentlicht 06.08.2012 16:55:05
  • Zuletzt bearbeitet 16.06.2026 23:43:14

pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bound...

  • EPSS 2.98%
  • Veröffentlicht 20.07.2012 10:40:37
  • Zuletzt bearbeitet 16.06.2026 23:43:04

The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.

  • EPSS 10.47%
  • Veröffentlicht 20.07.2012 10:40:36
  • Zuletzt bearbeitet 16.06.2026 23:41:53

Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."

Exploit
  • EPSS 42.48%
  • Veröffentlicht 07.07.2012 10:21:13
  • Zuletzt bearbeitet 16.06.2026 23:41:27

Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted t...