Max CVSS | 7.5 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2012-1823 | 7.5 | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by | 16-07-2024 - 17:48 | 11-05-2012 - 10:15 |
CVE-2011-2483 | 5.0 | crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext passwo | 23-04-2024 - 19:57 | 25-08-2011 - 14:22 |
CVE-2010-4645 | 5.0 | strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation | 15-05-2023 - 00:15 | 11-01-2011 - 03:00 |
CVE-2012-2386 | 7.5 | Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted t | 13-02-2023 - 04:33 | 07-07-2012 - 10:21 |
CVE-2012-0830 | 7.5 | The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability ex | 13-02-2023 - 03:26 | 06-02-2012 - 20:55 |
CVE-2014-4698 | 4.6 | Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applicatio | 19-01-2023 - 16:35 | 10-07-2014 - 11:06 |
CVE-2014-4721 | 2.6 | The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent | 19-01-2023 - 16:14 | 06-07-2014 - 23:55 |
CVE-2014-3710 | 5.0 | The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and appli | 05-11-2022 - 02:10 | 05-11-2014 - 11:55 |
CVE-2013-4113 | 6.8 | ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the | 16-08-2022 - 13:29 | 13-07-2013 - 13:10 |
CVE-2013-6420 | 7.5 | The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to exec | 30-10-2018 - 16:27 | 17-12-2013 - 04:46 |
CVE-2011-4885 | 5.0 | PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | 09-01-2018 - 02:29 | 30-12-2011 - 01:55 |
CVE-2013-4248 | 4.3 | The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man- | 28-11-2016 - 19:09 | 18-08-2013 - 02:52 |