Php

Php

714 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2011-1469

Exploit
  • EPSS 6.4%
  • Veröffentlicht 20.03.2011 02:00:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper.

4.3

CVE-2011-1470

Exploit
  • EPSS 3.06%
  • Veröffentlicht 20.03.2011 02:00:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.

4.3

CVE-2011-1471

Exploit
  • EPSS 7.23%
  • Veröffentlicht 20.03.2011 02:00:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.

4.3

CVE-2011-0421

Exploit
  • EPSS 8.23%
  • Veröffentlicht 20.03.2011 02:00:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer derefer...

4.3

CVE-2011-0708

Exploit
  • EPSS 16.48%
  • Veröffentlicht 20.03.2011 02:00:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buf...

7.5

CVE-2011-1148

  • EPSS 3.17%
  • Veröffentlicht 18.03.2011 15:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple...

7.5

CVE-2011-1153

  • EPSS 1.97%
  • Veröffentlicht 16.03.2011 22:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly e...

7.5

CVE-2011-1092

Exploit
  • EPSS 10%
  • Veröffentlicht 15.03.2011 17:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function.

5

CVE-2011-0420

Exploit
  • EPSS 15.15%
  • Veröffentlicht 19.02.2011 01:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.

4.3

CVE-2011-0753

  • EPSS 0.53%
  • Veröffentlicht 02.02.2011 22:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.