| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-2143 | 4.3 |
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for cont
|
14-03-2024 - 19:59 | 05-07-2012 - 14:55 | |
| CVE-2012-2386 | 7.5 |
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted t
|
13-02-2023 - 04:33 | 07-07-2012 - 10:21 | |
| CVE-2012-2336 | 5.0 |
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service
|
13-02-2023 - 04:33 | 11-05-2012 - 10:15 | |
| CVE-2013-4113 | 6.8 |
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the
|
16-08-2022 - 13:29 | 13-07-2013 - 13:10 | |
| CVE-2013-6420 | 7.5 |
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to exec
|
30-10-2018 - 16:27 | 17-12-2013 - 04:46 | |
| CVE-2011-4153 | 5.0 |
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup
|
18-01-2018 - 02:29 | 18-01-2012 - 20:55 | |
| CVE-2012-1172 | 5.8 |
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or
|
18-01-2018 - 02:29 | 24-05-2012 - 00:55 | |
| CVE-2012-0057 | 6.4 |
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
|
18-01-2018 - 02:29 | 02-02-2012 - 00:55 | |
| CVE-2012-0789 | 5.0 |
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.
|
09-01-2018 - 02:29 | 14-02-2012 - 15:55 | |
| CVE-2012-0781 | 5.0 |
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objec
|
09-01-2018 - 02:29 | 18-01-2012 - 20:55 | |
| CVE-2010-2950 | 6.8 |
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not pr
|
04-05-2011 - 02:49 | 28-09-2010 - 18:00 |