Vulnerabilities > PHP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-11-14 | CVE-2015-7774 | OS Command Injection vulnerability in Pc-Egg Pwebmanager PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role. | 6.5 |
2015-06-09 | CVE-2015-4148 | Improper Input Validation vulnerability in multiple products The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue. | 5.0 |
2015-06-09 | CVE-2015-4024 | Resource Management Errors vulnerability in multiple products Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. | 5.0 |
2015-06-09 | CVE-2015-4021 | Numeric Errors vulnerability in multiple products The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive. | 5.0 |
2015-06-09 | CVE-2015-2783 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. | 5.8 |
2015-03-30 | CVE-2015-2305 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. | 6.8 |
2015-03-30 | CVE-2014-9652 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. | 5.0 |
2015-03-30 | CVE-2013-6501 | Injection vulnerability in PHP The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c. | 4.6 |
2014-08-23 | CVE-2014-5120 | Improper Input Validation vulnerability in PHP gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function. | 6.4 |
2014-08-23 | CVE-2014-3597 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. | 6.8 |