Vulnerabilities > PHP > High

DATE CVE VULNERABILITY TITLE RISK
2016-01-19 CVE-2015-6831 Use After Free vulnerability in multiple products
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.
network
low complexity
php debian CWE-416
7.3
7.3
2016-01-19 CVE-2015-6527 Unspecified vulnerability in PHP 7.0.0
The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function.
network
low complexity
php
7.3
7.3
2016-01-19 CVE-2015-5590 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP
Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.
network
low complexity
php CWE-119
7.3
7.3
2015-12-02 CVE-2015-8393 Information Exposure vulnerability in multiple products
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
network
low complexity
pcre fedoraproject php CWE-200
7.5
7.5
2015-12-02 CVE-2015-8387 Integer Overflow or Wraparound vulnerability in multiple products
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
pcre fedoraproject php CWE-190
7.3
7.3
2007-03-06 CVE-2007-1285 Uncontrolled Recursion vulnerability in multiple products
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
network
low complexity
php canonical novell suse redhat CWE-674
7.5
7.5