Max CVSS | 10.0 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2015-3330 | 6.8 | The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or p | 27-12-2019 - 16:08 | 09-06-2015 - 18:59 |
CVE-2015-3329 | 7.5 | Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) ph | 27-12-2019 - 16:08 | 09-06-2015 - 18:59 |
CVE-2015-4024 | 5.0 | Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form | 27-12-2019 - 16:08 | 09-06-2015 - 18:59 |
CVE-2015-4643 | 7.5 | Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer ov | 27-12-2019 - 16:08 | 16-05-2016 - 10:59 |
CVE-2015-4602 | 10.0 | The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a | 22-04-2019 - 17:48 | 16-05-2016 - 10:59 |
CVE-2015-4022 | 7.5 | Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer ove | 22-04-2019 - 17:48 | 09-06-2015 - 18:59 |
CVE-2015-4605 | 5.0 | The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of | 22-04-2019 - 17:48 | 16-05-2016 - 10:59 |
CVE-2015-3307 | 7.5 | The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a craf | 22-04-2019 - 17:48 | 09-06-2015 - 18:59 |
CVE-2015-4598 | 7.5 | PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument | 22-04-2019 - 17:48 | 16-05-2016 - 10:59 |
CVE-2015-4026 | 7.5 | The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files wi | 22-04-2019 - 17:48 | 09-06-2015 - 18:59 |
CVE-2015-4604 | 5.0 | The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a den | 22-04-2019 - 17:48 | 16-05-2016 - 10:59 |
CVE-2015-4021 | 5.0 | The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a de | 22-04-2019 - 17:48 | 09-06-2015 - 18:59 |
CVE-2015-4603 | 10.0 | The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue. | 22-04-2019 - 17:48 | 16-05-2016 - 10:59 |
CVE-2015-4644 | 5.0 | The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a d | 22-04-2019 - 17:48 | 16-05-2016 - 10:59 |
CVE-2015-3411 | 6.4 | PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument | 22-04-2019 - 17:48 | 16-05-2016 - 10:59 |
CVE-2015-3412 | 5.0 | PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_pat | 22-04-2019 - 17:48 | 16-05-2016 - 10:59 |
CVE-2015-4025 | 7.5 | PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with | 22-04-2019 - 17:48 | 09-06-2015 - 18:59 |
CVE-2015-2783 | 5.8 | ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length v | 22-04-2019 - 17:48 | 09-06-2015 - 18:59 |