Php

711 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 9.25%
  • Published 16.06.2011 23:55:04
  • Last modified 11.04.2025 00:51:21

The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwr...

Exploit
  • EPSS 48.96%
  • Published 31.05.2011 20:55:05
  • Last modified 11.04.2025 00:51:21

Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.

  • EPSS 0.03%
  • Published 29.03.2011 18:55:01
  • Last modified 11.04.2025 00:51:21

The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/.

Exploit
  • EPSS 1.15%
  • Published 20.03.2011 02:00:04
  • Last modified 11.04.2025 00:51:21

Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argumen...

Exploit
  • EPSS 26.12%
  • Published 20.03.2011 02:00:04
  • Last modified 11.04.2025 00:51:21

Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.

  • EPSS 7.63%
  • Published 20.03.2011 02:00:04
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a rela...

Exploit
  • EPSS 6.13%
  • Published 20.03.2011 02:00:04
  • Last modified 11.04.2025 00:51:21

Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt fun...

Exploit
  • EPSS 6.4%
  • Published 20.03.2011 02:00:04
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper.

Exploit
  • EPSS 3.74%
  • Published 20.03.2011 02:00:04
  • Last modified 11.04.2025 00:51:21

The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.

Exploit
  • EPSS 9.7%
  • Published 20.03.2011 02:00:04
  • Last modified 11.04.2025 00:51:21

Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.