National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:php:php:5.2.4
There are 338 matching records.
Displaying matches 241 through 260.
Vuln ID Summary CVSS Severity
CVE-2011-3267

PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors.

Published: August 25, 2011; 02:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2011-3182

PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.

Published: August 25, 2011; 10:22:47 AM -04:00
    V2: 5.0 MEDIUM
CVE-2011-2483

crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.

Published: August 25, 2011; 10:22:44 AM -04:00
    V2: 5.0 MEDIUM
CVE-2011-2202

The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."

Published: June 16, 2011; 07:55:04 PM -04:00
    V2: 6.4 MEDIUM
CVE-2011-1471

Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.

Published: March 19, 2011; 10:00:04 PM -04:00
    V2: 4.3 MEDIUM
CVE-2011-1470

The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.

Published: March 19, 2011; 10:00:04 PM -04:00
    V2: 4.3 MEDIUM
CVE-2011-1469

Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper.

Published: March 19, 2011; 10:00:04 PM -04:00
    V2: 4.3 MEDIUM
CVE-2011-1468

Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function.

Published: March 19, 2011; 10:00:04 PM -04:00
    V2: 4.3 MEDIUM
CVE-2011-1467

Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.

Published: March 19, 2011; 10:00:04 PM -04:00
    V2: 5.0 MEDIUM
CVE-2011-1466

Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.

Published: March 19, 2011; 10:00:04 PM -04:00
    V2: 5.0 MEDIUM
CVE-2011-1464

Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument.

Published: March 19, 2011; 10:00:04 PM -04:00
    V2: 4.3 MEDIUM
CVE-2011-0708

exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.

Published: March 19, 2011; 10:00:03 PM -04:00
    V2: 4.3 MEDIUM
CVE-2011-0421

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.

Published: March 19, 2011; 10:00:03 PM -04:00
    V2: 4.3 MEDIUM
CVE-2011-1148

Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.

Published: March 18, 2011; 11:55:01 AM -04:00
    V2: 7.5 HIGH
CVE-2011-1153

Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.

Published: March 16, 2011; 06:55:04 PM -04:00
    V2: 7.5 HIGH
CVE-2011-1092

Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function.

Published: March 15, 2011; 01:55:04 PM -04:00
    V2: 7.5 HIGH
CVE-2011-0755

Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.

Published: February 02, 2011; 05:00:02 PM -05:00
    V2: 5.0 MEDIUM
CVE-2011-0754

The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.

Published: February 02, 2011; 05:00:02 PM -05:00
    V2: 4.4 MEDIUM
CVE-2011-0753

Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.

Published: February 02, 2011; 05:00:02 PM -05:00
    V2: 4.3 MEDIUM
CVE-2011-0752

The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.

Published: February 02, 2011; 05:00:01 PM -05:00
    V2: 5.0 MEDIUM