PHP » PHP : Security Vulnerabilities Published In 2013 (Gain Information)
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2013-1824 |
200 |
|
+Info |
2013-09-16 |
2019-04-22 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. |
2 |
CVE-2013-1643 |
200 |
|
+Info |
2013-03-06 |
2014-01-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824. |
3 |
CVE-2012-6113 |
200 |
|
+Info |
2013-01-19 |
2013-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data. |
Total number of vulnerabilities :
3
Page :
1
(This Page)