|Max CVSS||6.4||Min CVSS||5.0||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup
|18-01-2018 - 02:29||18-01-2012 - 20:55|
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or
|18-01-2018 - 02:29||24-05-2012 - 00:55|
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
|18-01-2018 - 02:29||02-02-2012 - 00:55|
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.
|09-01-2018 - 02:29||14-02-2012 - 15:55|
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service
|05-01-2018 - 02:29||11-05-2012 - 10:15|