Search CVE reports


Toggle filters

391 – 400 of 672 results


CVE-2013-1643

Medium priority
Fixed

The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2012-6113

Medium priority
Fixed

The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2012-5381

Medium priority
Not affected

Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP directory, which...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2012-4388

Medium priority
Fixed

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2011-1398

Medium priority
Fixed

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2012-3450

Medium priority
Fixed

pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2012-3365

Low priority
Ignored

The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2012-2688

Low priority
Fixed

Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2012-2143

Medium priority

Some fixes available 10 of 13

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which...

5 affected packages

php5, postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
postgresql-8.2
postgresql-8.3
postgresql-8.4
postgresql-9.1
Show less packages

CVE-2012-1172

Low priority

Some fixes available 5 of 6

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages