Total
711 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1153 | 1 Php | 1 Php | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call. | |||||
| CVE-2010-2190 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
| The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | |||||
| CVE-2010-4697 | 1 Php | 1 Php | 2025-04-11 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference. | |||||
| CVE-2013-1643 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
| The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824. | |||||
| CVE-2012-0831 | 1 Php | 1 Php | 2025-04-11 | 6.8 MEDIUM | N/A |
| PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. | |||||
| CVE-2010-4698 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function. | |||||
| CVE-2013-4635 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
| Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function. | |||||
| CVE-2010-1917 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
| Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string. | |||||
| CVE-2011-0708 | 1 Php | 1 Php | 2025-04-11 | 4.3 MEDIUM | N/A |
| exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read. | |||||
| CVE-2013-4113 | 1 Php | 1 Php | 2025-04-11 | 6.8 MEDIUM | N/A |
| ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. | |||||
| CVE-2011-1092 | 1 Php | 1 Php | 2025-04-11 | 7.5 HIGH | N/A |
| Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function. | |||||
| CVE-2011-1468 | 1 Php | 1 Php | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function. | |||||
| CVE-2012-0788 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
| The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. | |||||
| CVE-2007-1399 | 2 Pecl Zip, Php | 2 1.8.3, Php | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback. | |||||
| CVE-2007-4850 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563. | |||||
| CVE-2007-1396 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
| The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in applications, should be included in CVE. However, it has been fixed by the vendor. | |||||
| CVE-2007-2369 | 2 Php, Webspell | 2 Php, Webspell | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
| CVE-2007-4670 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285. | |||||
| CVE-2007-1401 | 1 Php | 1 Php | 2025-04-09 | 6.9 MEDIUM | N/A |
| Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function. | |||||
| CVE-2009-3291 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
| The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates. | |||||