Max CVSS 6.8 Min CVSS 5.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2011-4153 5.0
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup
18-01-2018 - 02:29 18-01-2012 - 20:55
CVE-2012-0831 6.8
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related
18-01-2018 - 02:29 10-02-2012 - 20:55
CVE-2012-0057 6.4
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
18-01-2018 - 02:29 02-02-2012 - 00:55
CVE-2012-0807 5.1
Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote
18-01-2018 - 02:29 27-01-2012 - 00:55
Back to Top Mark selected
Back to Top