Max CVSS 7.5 Min CVSS 5.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2012-0830 7.5
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability ex
13-02-2023 - 03:26 06-02-2012 - 20:55
CVE-2011-4566 6.4
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_v
29-08-2022 - 20:11 29-11-2011 - 00:55
CVE-2012-0831 6.8
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related
16-08-2022 - 13:31 10-02-2012 - 20:55
CVE-2011-1466 5.0
Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.
30-10-2018 - 16:26 20-03-2011 - 02:00
CVE-2011-4153 5.0
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup
18-01-2018 - 02:29 18-01-2012 - 20:55
CVE-2012-0057 6.4
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
18-01-2018 - 02:29 02-02-2012 - 00:55
CVE-2012-0807 5.1
Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote
18-01-2018 - 02:29 27-01-2012 - 00:55
CVE-2011-4885 5.0
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
09-01-2018 - 02:29 30-12-2011 - 01:55
CVE-2012-0789 5.0
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.
09-01-2018 - 02:29 14-02-2012 - 15:55
CVE-2012-0781 5.0
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objec
09-01-2018 - 02:29 18-01-2012 - 20:55
CVE-2012-0788 5.0
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then ca
09-01-2018 - 02:29 14-02-2012 - 15:55
Back to Top Mark selected
Back to Top