Vulnerabilities > PHP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-08-30 | CVE-2011-1398 | Improper Input Validation vulnerability in PHP The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. | 4.3 |
| 2012-07-20 | CVE-2012-3365 | Permissions, Privileges, and Access Controls vulnerability in PHP The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. | 5.0 |
| 2012-05-24 | CVE-2012-1172 | Improper Input Validation vulnerability in PHP The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions. | 5.8 |
| 2012-05-11 | CVE-2012-2329 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP 5.4.0/5.4.1/5.4.2 Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request. | 5.0 |
| 2012-02-14 | CVE-2012-0789 | Resource Management Errors vulnerability in PHP Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache. | 5.0 |
| 2012-02-14 | CVE-2012-0788 | Improper Input Validation vulnerability in PHP The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. | 5.0 |
| 2012-02-10 | CVE-2012-0831 | Improper Input Validation vulnerability in PHP PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. | 6.8 |
| 2012-02-02 | CVE-2012-0057 | Permissions, Privileges, and Access Controls vulnerability in PHP PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. | 6.4 |
| 2012-01-18 | CVE-2012-0781 | Resource Management Errors vulnerability in PHP 5.3.8 The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153. | 5.0 |
| 2012-01-18 | CVE-2011-4153 | Improper Input Validation vulnerability in PHP 5.3.8 PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c. | 5.0 |