Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 13.21%
  • Veröffentlicht 20.03.2011 02:00:04
  • Zuletzt bearbeitet 16.06.2026 23:29:24

Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt fun...

Exploit
  • EPSS 4.32%
  • Veröffentlicht 20.03.2011 02:00:04
  • Zuletzt bearbeitet 16.06.2026 23:29:24

Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper.

Exploit
  • EPSS 9.52%
  • Veröffentlicht 20.03.2011 02:00:04
  • Zuletzt bearbeitet 16.06.2026 23:29:24

The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.

Exploit
  • EPSS 13.13%
  • Veröffentlicht 20.03.2011 02:00:04
  • Zuletzt bearbeitet 16.06.2026 23:29:24

Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.

Exploit
  • EPSS 13.51%
  • Veröffentlicht 20.03.2011 02:00:03
  • Zuletzt bearbeitet 16.06.2026 23:27:19

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer derefer...

Exploit
  • EPSS 9.86%
  • Veröffentlicht 20.03.2011 02:00:03
  • Zuletzt bearbeitet 16.06.2026 23:27:55

exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buf...

  • EPSS 4.61%
  • Veröffentlicht 18.03.2011 15:55:01
  • Zuletzt bearbeitet 16.06.2026 23:28:49

Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple...

  • EPSS 6.83%
  • Veröffentlicht 16.03.2011 22:55:04
  • Zuletzt bearbeitet 16.06.2026 23:28:49

Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly e...

Exploit
  • EPSS 17.88%
  • Veröffentlicht 15.03.2011 17:55:04
  • Zuletzt bearbeitet 16.06.2026 23:28:41

Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function.

Exploit
  • EPSS 14.41%
  • Veröffentlicht 19.02.2011 01:00:02
  • Zuletzt bearbeitet 16.06.2026 23:27:19

The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.