Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 6.71%
  • Veröffentlicht 10.02.2012 20:55:02
  • Zuletzt bearbeitet 16.06.2026 23:38:20

PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related...

Exploit
  • EPSS 30.14%
  • Veröffentlicht 06.02.2012 20:55:03
  • Zuletzt bearbeitet 16.06.2026 23:38:20

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability e...

  • EPSS 3.15%
  • Veröffentlicht 02.02.2012 00:55:01
  • Zuletzt bearbeitet 16.06.2026 23:36:35

PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.

Exploit
  • EPSS 10.77%
  • Veröffentlicht 18.01.2012 20:55:03
  • Zuletzt bearbeitet 16.06.2026 23:38:15

The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objec...

Exploit
  • EPSS 12.2%
  • Veröffentlicht 18.01.2012 20:55:02
  • Zuletzt bearbeitet 16.06.2026 23:34:30

PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup ...

  • EPSS 83.91%
  • Veröffentlicht 30.12.2011 01:55:01
  • Zuletzt bearbeitet 16.06.2026 23:35:34

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Exploit
  • EPSS 6.67%
  • Veröffentlicht 29.11.2011 00:55:01
  • Zuletzt bearbeitet 16.06.2026 23:35:03

Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_v...

Exploit
  • EPSS 5.01%
  • Veröffentlicht 03.11.2011 15:55:00
  • Zuletzt bearbeitet 16.06.2026 23:33:11

The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages a...

  • EPSS 2.87%
  • Veröffentlicht 25.08.2011 18:55:01
  • Zuletzt bearbeitet 16.06.2026 23:32:59

PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors.

  • EPSS 5.72%
  • Veröffentlicht 25.08.2011 18:55:01
  • Zuletzt bearbeitet 16.06.2026 23:32:59

Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.