Search Results (Refine Search)
- CPE Product Version: cpe:/a:php:php:5.3.28
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-0237 |
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. Published: June 01, 2014; 12:29:34 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-2497 |
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. Published: March 21, 2014; 10:55:12 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-2270 |
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. Published: March 14, 2014; 11:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-2020 |
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226. Published: February 18, 2014; 6:55:17 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-7327 |
The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226. Published: February 18, 2014; 6:55:03 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-6712 |
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. Published: November 27, 2013; 11:37:39 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-4248 |
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Published: August 17, 2013; 10:52:23 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-4718 |
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. Published: August 13, 2013; 11:04:18 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-3735 |
The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id. Published: May 31, 2013; 5:55:01 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-2376 |
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012. Published: May 21, 2012; 11:55:02 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |