Php

Php

725 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.6%
  • Veröffentlicht 20.08.2010 20:00:03
  • Zuletzt bearbeitet 16.06.2026 23:22:03

mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based ...

  • EPSS 1.57%
  • Veröffentlicht 20.08.2010 20:00:03
  • Zuletzt bearbeitet 16.06.2026 23:22:03

The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that caus...

  • EPSS 2.37%
  • Veröffentlicht 20.08.2010 20:00:03
  • Zuletzt bearbeitet 16.06.2026 23:22:03

Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username o...

Exploit
  • EPSS 2.19%
  • Veröffentlicht 20.08.2010 20:00:03
  • Zuletzt bearbeitet 16.06.2026 23:22:03

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name.

Exploit
  • EPSS 5.34%
  • Veröffentlicht 24.06.2010 12:30:01
  • Zuletzt bearbeitet 16.06.2026 23:20:20

Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.

Exploit
  • EPSS 1.9%
  • Veröffentlicht 08.06.2010 00:30:01
  • Zuletzt bearbeitet 16.06.2026 23:20:15

The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an interna...

Exploit
  • EPSS 2.41%
  • Veröffentlicht 08.06.2010 00:30:01
  • Zuletzt bearbeitet 16.06.2026 23:20:16

The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-de...

Exploit
  • EPSS 2.05%
  • Veröffentlicht 27.05.2010 22:30:02
  • Zuletzt bearbeitet 16.06.2026 23:19:58

The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents)...

Exploit
  • EPSS 2.4%
  • Veröffentlicht 27.05.2010 22:30:02
  • Zuletzt bearbeitet 16.06.2026 23:19:59

The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing ...

Exploit
  • EPSS 1.86%
  • Veröffentlicht 27.05.2010 22:30:01
  • Zuletzt bearbeitet 16.06.2026 23:19:58

Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction o...