PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 889
CVE-2015-4644
The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.
CVE-2015-4644
The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgs ...
CVE-2015-4643
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.
CVE-2015-4643
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP b ...
CVE-2015-4642
The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function.
CVE-2015-4642
The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.4 ...
CVE-2015-4605
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.
CVE-2015-4605
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo ...
CVE-2015-4604
The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.
CVE-2015-4604
The mget function in softmagic.c in file 5.x, as used in the Fileinfo ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2015-4644 The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352. | CVSS3: 7.5 | 10% Низкий | почти 10 лет назад |
| CVE-2015-4644 The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgs ... | CVSS3: 7.5 | 10% Низкий | почти 10 лет назад |
| CVE-2015-4643 Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. | CVSS3: 9.8 | 9% Низкий | почти 10 лет назад |
| CVE-2015-4643 Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP b ... | CVSS3: 9.8 | 9% Низкий | почти 10 лет назад |
| CVE-2015-4642 The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function. | CVSS3: 9.8 | 6% Низкий | почти 10 лет назад |
| CVE-2015-4642 The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.4 ... | CVSS3: 9.8 | 6% Низкий | почти 10 лет назад |
| CVE-2015-4605 The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. | CVSS3: 7.5 | 9% Низкий | почти 10 лет назад |
| CVE-2015-4605 The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo ... | CVSS3: 7.5 | 9% Низкий | почти 10 лет назад |
| CVE-2015-4604 The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. | CVSS3: 7.5 | 9% Низкий | почти 10 лет назад |
| CVE-2015-4604 The mget function in softmagic.c in file 5.x, as used in the Fileinfo ... | CVSS3: 7.5 | 9% Низкий | почти 10 лет назад |
Уязвимостей на страницу