Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Php
(Php)| Repositories |
• https://github.com/php/php-src
• https://github.com/file/file • https://github.com/kkos/oniguruma • https://github.com/libgd/libgd • https://github.com/mysql/mysql-server |
| #Vulnerabilities | 683 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-07-12 | CVE-2016-6174 | applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter. | Invision_power_board, Php | 8.1 | ||
| 2020-02-19 | CVE-2014-3622 | Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value. | Php | N/A | ||
| 2018-02-19 | CVE-2015-9253 | An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility. | Php | 6.5 | ||
| 2020-02-12 | CVE-2011-3336 | regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. | Mac_os_x, Freebsd, Openbsd, Php | N/A | ||
| 2015-06-09 | CVE-2015-4024 | Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. | Mac_os_x, System_management_homepage, Linux, Solaris, Php, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation | N/A | ||
| 2019-11-26 | CVE-2011-1939 | SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6. | Debian_linux, Php, Zend_framework | N/A | ||
| 2019-11-13 | CVE-2010-4657 | PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output. | Debian_linux, Php, Enterprise_linux | N/A | ||
| 2008-06-23 | CVE-2008-2829 | php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function. | Ubuntu_linux, Php | N/A | ||
| 2007-06-29 | CVE-2007-3378 | The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess. | Php | N/A | ||
| 2007-03-27 | CVE-2007-1701 | PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:". | Php | N/A |