Vulnerabilities > PHP > High

DATE CVE VULNERABILITY TITLE RISK
2016-01-19 CVE-2015-6527 Unspecified vulnerability in PHP 7.0.0
The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function.
network
low complexity
php
7.3
2016-01-19 CVE-2015-5590 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP
Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.
network
low complexity
php CWE-119
7.3
2015-12-02 CVE-2015-8393 Information Exposure vulnerability in multiple products
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
network
low complexity
pcre fedoraproject php CWE-200
7.5
2015-12-02 CVE-2015-8387 Integer Overflow or Wraparound vulnerability in multiple products
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
pcre fedoraproject php CWE-190
7.3
2007-03-06 CVE-2007-1285 Uncontrolled Recursion vulnerability in multiple products
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
network
low complexity
php canonical novell suse redhat CWE-674
7.5