Max CVSS | 10.0 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2014-9709 | 5.0 |
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperl
|
09-11-2022 - 03:04 | 30-03-2015 - 10:59 | |
CVE-2015-2301 | 7.5 |
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an a
|
16-08-2022 - 13:28 | 30-03-2015 - 10:59 | |
CVE-2014-9425 | 7.5 |
Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact
|
04-08-2022 - 15:46 | 31-12-2014 - 02:59 | |
CVE-2015-3329 | 7.5 |
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) ph
|
27-12-2019 - 16:08 | 09-06-2015 - 18:59 | |
CVE-2015-4024 | 5.0 |
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form
|
27-12-2019 - 16:08 | 09-06-2015 - 18:59 | |
CVE-2015-4643 | 7.5 |
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer ov
|
27-12-2019 - 16:08 | 16-05-2016 - 10:59 | |
CVE-2015-4602 | 10.0 |
The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a
|
22-04-2019 - 17:48 | 16-05-2016 - 10:59 | |
CVE-2015-4022 | 7.5 |
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer ove
|
22-04-2019 - 17:48 | 09-06-2015 - 18:59 | |
CVE-2015-3307 | 7.5 |
The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a craf
|
22-04-2019 - 17:48 | 09-06-2015 - 18:59 | |
CVE-2015-4598 | 7.5 |
PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument
|
22-04-2019 - 17:48 | 16-05-2016 - 10:59 | |
CVE-2015-4026 | 7.5 |
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files wi
|
22-04-2019 - 17:48 | 09-06-2015 - 18:59 | |
CVE-2015-4021 | 5.0 |
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a de
|
22-04-2019 - 17:48 | 09-06-2015 - 18:59 | |
CVE-2015-4603 | 10.0 |
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue. <
|
22-04-2019 - 17:48 | 16-05-2016 - 10:59 | |
CVE-2015-3411 | 6.4 |
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument
|
22-04-2019 - 17:48 | 16-05-2016 - 10:59 | |
CVE-2015-3412 | 5.0 |
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_pat
|
22-04-2019 - 17:48 | 16-05-2016 - 10:59 | |
CVE-2015-2783 | 5.8 |
ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length v
|
22-04-2019 - 17:48 | 09-06-2015 - 18:59 | |
CVE-2015-2787 | 7.5 |
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call th
|
30-10-2018 - 16:27 | 30-03-2015 - 10:59 | |
CVE-2015-4601 | 10.0 |
PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c,
|
05-01-2018 - 02:30 | 16-05-2016 - 10:59 | |
CVE-2015-4147 | 7.5 |
The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serial
|
05-01-2018 - 02:30 | 09-06-2015 - 18:59 | |
CVE-2015-4600 | 10.0 |
The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type
|
05-01-2018 - 02:30 | 16-05-2016 - 10:59 | |
CVE-2015-4599 | 10.0 |
The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrar
|
05-01-2018 - 02:30 | 16-05-2016 - 10:59 | |
CVE-2015-4148 | 5.0 |
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted seria
|
05-01-2018 - 02:30 | 09-06-2015 - 18:59 | |
CVE-2014-9705 | 7.5 |
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of m
|
05-01-2018 - 02:29 | 30-03-2015 - 10:59 | |
CVE-2015-0232 | 6.8 |
The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) v
|
05-01-2018 - 02:29 | 27-01-2015 - 20:04 | |
CVE-2015-0273 | 7.5 |
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier
|
05-01-2018 - 02:29 | 30-03-2015 - 10:59 |