| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-1643 |
200 |
|
+Info |
2013-03-06 |
2013-04-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. |
|
2 |
CVE-2012-6113 |
200 |
|
+Info |
2013-01-19 |
2013-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data. |
|
3 |
CVE-2011-1153 |
134 |
|
DoS Exec Code Mem. Corr. +Info |
2011-03-16 |
2011-10-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call. |
|
4 |
CVE-2010-3062 |
200 |
|
Overflow +Info |
2010-08-20 |
2010-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function. |
|
5 |
CVE-2010-2950 |
134 |
|
Exec Code +Info |
2010-09-28 |
2011-05-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094. |
|
6 |
CVE-2010-2531 |
200 |
|
+Info |
2010-08-20 |
2011-08-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion. |
|
7 |
CVE-2010-2484 |
200 |
|
Mem. Corr. +Info |
2010-08-20 |
2010-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. |
|
8 |
CVE-2010-2225 |
399 |
|
Exec Code +Info |
2010-06-24 |
2010-12-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function. |
|
9 |
CVE-2010-2191 |
119 |
|
Overflow Mem. Corr. +Info |
2010-06-07 |
2010-12-07 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature. |
|
10 |
CVE-2010-2190 |
200 |
|
+Info |
2010-06-07 |
2010-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. |
|
11 |
CVE-2010-2101 |
200 |
|
+Info |
2010-05-27 |
2010-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. |
|
12 |
CVE-2010-2100 |
200 |
|
+Info |
2010-05-27 |
2010-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. |
|
13 |
CVE-2010-2097 |
200 |
|
+Info |
2010-05-27 |
2010-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. |
|
14 |
CVE-2010-2094 |
134 |
|
Exec Code +Info |
2010-05-27 |
2011-01-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function. |
|
15 |
CVE-2010-1915 |
200 |
|
+Info |
2010-05-12 |
2010-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory. |
|
16 |
CVE-2010-1914 |
200 |
|
+Info |
2010-05-12 |
2010-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function. |
|
17 |
CVE-2010-1864 |
200 |
|
+Info |
2010-05-07 |
2010-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. |
|
18 |
CVE-2010-1862 |
200 |
|
+Info |
2010-05-07 |
2010-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. |
|
19 |
CVE-2010-1860 |
200 |
|
Mem. Corr. +Info |
2010-05-07 |
2010-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature. |
|
20 |
CVE-2009-2626 |
|
|
+Info |
2009-12-01 |
2009-12-19 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. |
|
21 |
CVE-2008-5498 |
200 |
|
+Info |
2008-12-26 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image. |
|
22 |
CVE-2007-5899 |
200 |
|
+Info |
2007-11-20 |
2010-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID. |
|
23 |
CVE-2007-5128 |
20 |
|
+Info |
2007-09-27 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows. |
|
24 |
CVE-2007-4657 |
119 |
|
DoS Overflow +Info |
2007-09-04 |
2009-09-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996. |
|
25 |
CVE-2007-2748 |
|
|
+Info |
2007-05-17 |
2012-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. |
|
26 |
CVE-2007-1412 |
|
1
|
+Info |
2007-03-12 |
2008-09-05 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument. |
|
27 |
CVE-2007-1380 |
|
1
|
+Info |
2007-03-09 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read. |
|
28 |
CVE-2006-4023 |
|
|
Overflow Sql +Info |
2006-08-08 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner. |
