CVE-2011-0753
- EPSS 0.8%
- Veröffentlicht 02.02.2011 22:00:02
- Zuletzt bearbeitet 16.06.2026 23:28:00
Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.
CVE-2011-0754
- EPSS 0.34%
- Veröffentlicht 02.02.2011 22:00:02
- Zuletzt bearbeitet 16.06.2026 23:28:00
The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform d...
- EPSS 1.94%
- Veröffentlicht 02.02.2011 22:00:02
- Zuletzt bearbeitet 16.06.2026 23:28:00
Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandma...
- EPSS 1.34%
- Veröffentlicht 02.02.2011 22:00:01
- Zuletzt bearbeitet 16.06.2026 23:28:00
The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions b...
- EPSS 5.36%
- Veröffentlicht 18.01.2011 20:00:10
- Zuletzt bearbeitet 16.06.2026 22:34:39
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argum...
CVE-2010-4697
- EPSS 2.27%
- Veröffentlicht 18.01.2011 20:00:10
- Zuletzt bearbeitet 16.06.2026 23:25:22
Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of _...
- EPSS 3.52%
- Veröffentlicht 18.01.2011 20:00:10
- Zuletzt bearbeitet 16.06.2026 23:25:22
Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstex...
- EPSS 1.63%
- Veröffentlicht 18.01.2011 20:00:10
- Zuletzt bearbeitet 16.06.2026 23:25:22
The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an i...
CVE-2010-4700
- EPSS 1.46%
- Veröffentlicht 18.01.2011 20:00:10
- Zuletzt bearbeitet 16.06.2026 23:25:22
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injecti...
- EPSS 15.1%
- Veröffentlicht 11.01.2011 03:00:04
- Zuletzt bearbeitet 16.06.2026 23:25:14
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation...