Max CVSS | 6.4 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2012-2336 | 5.0 |
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service
|
13-02-2023 - 04:33 | 11-05-2012 - 10:15 | |
CVE-2011-4153 | 5.0 |
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup
|
18-01-2018 - 02:29 | 18-01-2012 - 20:55 | |
CVE-2012-1172 | 5.8 |
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or
|
18-01-2018 - 02:29 | 24-05-2012 - 00:55 | |
CVE-2012-0057 | 6.4 |
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
|
18-01-2018 - 02:29 | 02-02-2012 - 00:55 | |
CVE-2012-0789 | 5.0 |
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.
|
09-01-2018 - 02:29 | 14-02-2012 - 15:55 |