Filtered by vendor Php
Subscriptions
Filtered by product Php
Subscriptions
Total
717 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4718 | 1 Php | 1 Php | 2025-04-11 | N/A |
| Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. | ||||
| CVE-2012-0781 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-04-11 | N/A |
| The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153. | ||||
| CVE-2011-3268 | 1 Php | 1 Php | 2025-04-11 | N/A |
| Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483. | ||||
| CVE-2011-3267 | 1 Php | 1 Php | 2025-04-11 | N/A |
| PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors. | ||||
| CVE-2011-3379 | 1 Php | 1 Php | 2025-04-11 | N/A |
| The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. | ||||
| CVE-2011-2483 | 4 Openwall, Php, Postgresql and 1 more | 4 Crypt Blowfish, Php, Postgresql and 1 more | 2025-04-11 | N/A |
| crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. | ||||
| CVE-2013-4113 | 2 Php, Redhat | 5 Php, Enterprise Linux, Rhel Els and 2 more | 2025-04-11 | N/A |
| ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. | ||||
| CVE-2011-3189 | 1 Php | 1 Php | 2025-04-11 | N/A |
| The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483. | ||||
| CVE-2011-3182 | 1 Php | 1 Php | 2025-04-11 | N/A |
| PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. | ||||
| CVE-2011-4078 | 2 Php, Roundcube | 2 Php, Webmail | 2025-04-11 | N/A |
| include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379. | ||||
| CVE-2011-1469 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-04-11 | N/A |
| Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper. | ||||
| CVE-2011-1470 | 1 Php | 1 Php | 2025-04-11 | N/A |
| The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function. | ||||
| CVE-2011-1467 | 1 Php | 1 Php | 2025-04-11 | N/A |
| Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409. | ||||
| CVE-2011-1471 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-04-11 | N/A |
| Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls. | ||||
| CVE-2011-1468 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-04-11 | N/A |
| Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function. | ||||
| CVE-2011-1148 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-04-11 | N/A |
| Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments. | ||||
| CVE-2011-1153 | 1 Php | 1 Php | 2025-04-11 | N/A |
| Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call. | ||||
| CVE-2011-1657 | 1 Php | 1 Php | 2025-04-11 | N/A |
| The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND. | ||||
| CVE-2011-1464 | 1 Php | 1 Php | 2025-04-11 | N/A |
| Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument. | ||||
| CVE-2011-0754 | 2 Microsoft, Php | 2 Windows, Php | 2025-04-11 | N/A |
| The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check. | ||||