PHP » PHP : Security Vulnerabilities Published In 2011 (Code Execution)

The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
Max Base Score: 7.5
Published 2011-11-03
Updated 2012-07-03
EPSS 5.99%
Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.
Max Base Score: 7.5
Published 2011-05-31
Updated 2017-08-17
EPSS 1.86%
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.
Max Base Score: 7.5
Published 2011-03-16
Updated 2017-08-17
EPSS 1.78%
3 vulnerabilities found