Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 6.01%
  • Veröffentlicht 07.12.2010 22:00:02
  • Zuletzt bearbeitet 16.06.2026 23:24:12

Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via ...

  • EPSS 18.88%
  • Veröffentlicht 06.12.2010 20:13:00
  • Zuletzt bearbeitet 16.06.2026 23:24:44

Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.

Exploit
  • EPSS 2.65%
  • Veröffentlicht 12.11.2010 22:00:01
  • Zuletzt bearbeitet 16.06.2026 23:14:49

Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 enc...

Exploit
  • EPSS 11.28%
  • Veröffentlicht 12.11.2010 21:00:02
  • Zuletzt bearbeitet 16.06.2026 23:23:43

The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protec...

  • EPSS 6.32%
  • Veröffentlicht 09.11.2010 01:00:02
  • Zuletzt bearbeitet 16.06.2026 23:22:46

fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.

Exploit
  • EPSS 13.33%
  • Veröffentlicht 09.11.2010 01:00:02
  • Zuletzt bearbeitet 16.06.2026 23:23:23

The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.

Exploit
  • EPSS 3.09%
  • Veröffentlicht 25.10.2010 20:01:03
  • Zuletzt bearbeitet 16.06.2026 23:23:23

Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) v...

Exploit
  • EPSS 5.69%
  • Veröffentlicht 28.09.2010 18:00:02
  • Zuletzt bearbeitet 16.06.2026 23:21:49

Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not pr...

  • EPSS 1.83%
  • Veröffentlicht 20.08.2010 22:00:01
  • Zuletzt bearbeitet 16.06.2026 23:20:50

The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler.

  • EPSS 5%
  • Veröffentlicht 20.08.2010 22:00:01
  • Zuletzt bearbeitet 16.06.2026 23:20:55

The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the a...