Max CVSS | 10.0 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2015-6831 | 7.5 | Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedLis | 05-08-2022 - 14:28 | 19-01-2016 - 05:59 |
CVE-2015-6837 | 5.0 | The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding wi | 04-11-2017 - 01:29 | 16-05-2016 - 10:59 |
CVE-2015-6833 | 5.0 | Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extr | 04-11-2017 - 01:29 | 19-01-2016 - 05:59 |
CVE-2015-6836 | 7.5 | The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a " | 04-11-2017 - 01:29 | 19-01-2016 - 05:59 |
CVE-2015-6832 | 7.5 | Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers m | 04-11-2017 - 01:29 | 19-01-2016 - 05:59 |
CVE-2015-6838 | 5.0 | The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding wi | 04-11-2017 - 01:29 | 16-05-2016 - 10:59 |
CVE-2015-6834 | 7.5 | Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) | 04-11-2017 - 01:29 | 16-05-2016 - 10:59 |
CVE-2015-6835 | 7.5 | The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafte | 04-11-2017 - 01:29 | 16-05-2016 - 10:59 |
CVE-2015-5589 | 10.0 | The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (seg | 04-11-2017 - 01:29 | 16-05-2016 - 10:59 |
CVE-2015-5590 | 7.5 | Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a l | 04-11-2017 - 01:29 | 19-01-2016 - 05:59 |
CVE-2015-7803 | 6.8 | The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry i | 07-12-2016 - 18:25 | 11-12-2015 - 12:00 |
CVE-2015-7804 | 6.8 | Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filen | 07-12-2016 - 18:25 | 11-12-2015 - 12:00 |