CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

PHP : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-5340 190 DoS Exec Code Overflow 2017-01-11 2017-01-12
7.5
None Remote Low Not required Partial Partial Partial
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
2 CVE-2016-10162 476 DoS 2017-01-24 2017-01-27
5.0
None Remote Low Not required None None Partial
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.
3 CVE-2016-10161 125 DoS 2017-01-24 2017-01-27
5.0
None Remote Low Not required None None Partial
The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.
4 CVE-2016-10160 119 DoS Exec Code Overflow Mem. Corr. 2017-01-24 2017-01-27
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
5 CVE-2016-10159 190 DoS Overflow 2017-01-24 2017-01-27
5.0
None Remote Low Not required None None Partial
Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.
6 CVE-2016-10158 189 DoS 2017-01-24 2017-01-27
5.0
None Remote Low Not required None None Partial
The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.
7 CVE-2016-9936 416 DoS 2017-01-04 2017-01-17
7.5
None Remote Low Not required Partial Partial Partial
The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834.
8 CVE-2016-9935 125 DoS Mem. Corr. 2017-01-04 2017-01-17
7.5
None Remote Low Not required Partial Partial Partial
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.
9 CVE-2016-9934 476 DoS 2017-01-04 2017-01-17
5.0
None Remote Low Not required None None Partial
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.
10 CVE-2016-9138 416 DoS 2017-01-04 2017-01-06
7.5
None Remote Low Not required Partial Partial Partial
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.
11 CVE-2016-9137 416 DoS 2017-01-04 2017-01-10
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.
12 CVE-2016-7480 119 DoS Exec Code Overflow 2017-01-11 2017-01-12
7.5
None Remote Low Not required Partial Partial Partial
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.
13 CVE-2016-7479 416 Exec Code 2017-01-11 2017-01-13
7.5
None Remote Low Not required Partial Partial Partial
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
14 CVE-2016-7478 DoS 2017-01-11 2017-01-27
5.0
None Remote Low Not required None None Partial
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
15 CVE-2016-7418 119 DoS Overflow 2016-09-17 2016-11-28
5.0
None Remote Low Not required None None Partial
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.
16 CVE-2016-7417 20 DoS 2016-09-17 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.
17 CVE-2016-7416 119 DoS Overflow 2016-09-17 2016-11-28
5.0
None Remote Low Not required None None Partial
ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.
18 CVE-2016-7414 119 DoS Overflow 2016-09-17 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.
19 CVE-2016-7413 416 DoS 2016-09-17 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call.
20 CVE-2016-7412 119 DoS Overflow 2016-09-17 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.
21 CVE-2016-7411 119 DoS Overflow Mem. Corr. 2016-09-17 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.
22 CVE-2016-7134 119 DoS Overflow 2016-09-11 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call.
23 CVE-2016-7133 190 DoS Overflow 2016-09-11 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname.
24 CVE-2016-7132 476 DoS 2016-09-11 2016-11-28
5.0
None Remote Low Not required None None Partial
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.
25 CVE-2016-7131 476 DoS 2016-09-11 2016-11-28
5.0
None Remote Low Not required None None Partial
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.
26 CVE-2016-7130 476 DoS 2016-09-11 2016-11-28
5.0
None Remote Low Not required None None Partial
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.
27 CVE-2016-7129 20 DoS 2016-09-11 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.
28 CVE-2016-7128 200 +Info 2016-09-11 2016-11-28
5.0
None Remote Low Not required Partial None None
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
29 CVE-2016-7127 787 DoS 2016-09-11 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.
30 CVE-2016-7126 787 DoS 2016-09-11 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.
31 CVE-2016-7125 74 2016-09-11 2016-11-28
5.0
None Remote Low Not required None Partial None
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.
32 CVE-2016-7124 502 DoS 2016-09-11 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.
33 CVE-2016-6297 119 DoS Overflow 2016-07-25 2016-09-26
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL.
34 CVE-2016-6296 119 DoS Overflow 2016-07-25 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.
35 CVE-2016-6295 416 DoS 2016-07-25 2016-09-26
7.5
None Remote Low Not required Partial Partial Partial
ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.
36 CVE-2016-6294 125 DoS 2016-07-25 2016-09-26
7.5
None Remote Low Not required Partial Partial Partial
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.
37 CVE-2016-6292 476 DoS 2016-07-25 2016-09-26
4.3
None Remote Medium Not required None None Partial
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
38 CVE-2016-6291 119 DoS Overflow Mem. Corr. +Info 2016-07-25 2016-09-26
7.5
None Remote Low Not required Partial Partial Partial
The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.
39 CVE-2016-6290 416 DoS 2016-07-25 2016-09-26
7.5
None Remote Low Not required Partial Partial Partial
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.
40 CVE-2016-6289 190 DoS Overflow 2016-07-25 2016-09-26
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive.
41 CVE-2016-6288 119 DoS Overflow 2016-07-25 2016-09-26
7.5
None Remote Low Not required Partial Partial Partial
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.
42 CVE-2016-6174 Exec Code 2016-07-12 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.
43 CVE-2016-5873 119 Exec Code Overflow 2017-01-23 2017-01-31
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL.
44 CVE-2016-5773 416 DoS Exec Code 2016-08-07 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.
45 CVE-2016-5772 415 DoS Exec Code 2016-08-07 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.
46 CVE-2016-5771 416 DoS Exec Code 2016-08-07 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
47 CVE-2016-5770 190 DoS Overflow 2016-08-07 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.
48 CVE-2016-5769 190 DoS Overflow 2016-08-07 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.
49 CVE-2016-5768 415 DoS Exec Code 2016-08-07 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.
50 CVE-2016-5385 284 2016-07-18 2017-02-16
5.1
None Remote High Not required Partial Partial Partial
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
Total number of vulnerabilities : 555   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.