Vulnerabilities (CVE)

Filtered by vendor Php Subscribe
Filtered by product Php
Total 711 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-1862 1 Php 1 Php 2025-04-11 5.0 MEDIUM N/A
The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.
CVE-2011-1148 1 Php 1 Php 2025-04-11 7.5 HIGH N/A
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.
CVE-2010-4150 1 Php 1 Php 2025-04-11 5.0 MEDIUM N/A
Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
CVE-2010-3065 1 Php 1 Php 2025-04-11 5.0 MEDIUM N/A
The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name.
CVE-2011-0754 2 Microsoft, Php 2 Windows, Php 2025-04-11 4.4 MEDIUM N/A
The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.
CVE-2011-2202 1 Php 1 Php 2025-04-11 6.4 MEDIUM N/A
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
CVE-2010-3436 2 Canonical, Php 2 Ubuntu Linux, Php 2025-04-11 5.0 MEDIUM N/A
fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.
CVE-2010-4409 1 Php 1 Php 2025-04-11 5.0 MEDIUM N/A
Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.
CVE-2011-0755 1 Php 1 Php 2025-04-11 5.0 MEDIUM N/A
Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.
CVE-2011-3379 1 Php 1 Php 2025-04-11 7.5 HIGH N/A
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
CVE-2011-1398 1 Php 1 Php 2025-04-11 4.3 MEDIUM N/A
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.
CVE-2013-3735 1 Php 1 Php 2025-04-11 5.0 MEDIUM 7.5 HIGH
The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id.
CVE-2010-4699 1 Php 1 Php 2025-04-11 5.0 MEDIUM N/A
The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set.
CVE-2013-6712 5 Apple, Canonical, Debian and 2 more 5 Mac Os X, Ubuntu Linux, Debian Linux and 2 more 2025-04-11 5.0 MEDIUM N/A
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.
CVE-2012-1823 8 Apple, Debian, Fedoraproject and 5 more 17 Mac Os X, Debian Linux, Fedora and 14 more 2025-04-11 7.5 HIGH 9.8 CRITICAL
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
CVE-2011-1470 1 Php 1 Php 2025-04-11 4.3 MEDIUM N/A
The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.
CVE-2011-0421 1 Php 1 Php 2025-04-11 4.3 MEDIUM N/A
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.
CVE-2010-1128 1 Php 1 Php 2025-04-11 6.4 MEDIUM N/A
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.
CVE-2011-3189 1 Php 1 Php 2025-04-11 4.3 MEDIUM N/A
The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.
CVE-2010-3062 1 Php 1 Php 2025-04-11 5.0 MEDIUM N/A
mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.