Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:php:php:5.4.43:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-5459 |
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. Published: September 27, 2014; 6:55:05 AM -0400 |
V3.x:(not available) V2.0: 3.6 LOW |
CVE-2014-4670 |
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. Published: July 10, 2014; 7:06:28 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2014-2020 |
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226. Published: February 18, 2014; 6:55:17 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-7327 |
The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226. Published: February 18, 2014; 6:55:03 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-4718 |
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. Published: August 13, 2013; 11:04:18 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-2220 |
Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value. Published: July 31, 2013; 9:20:27 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2007-3205 |
The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin. Published: June 13, 2007; 6:30:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |