This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
Summary | |
---|---|
CPE Name | cpe:/a:php:php |
Detail | | | |
---|---|---|---|
Vendor | Php | First view | 1997-04-17 |
Product | Php | Last view | 2019-08-09 |
Version | | Type | Application |
Edition | | | |
Language | | | |
Update | | | |
Activity : Overall
COMMON PLATFORM ENUMERATION : Distribution per Version
CPE Name | Affected CVE |
---|---|
cpe:/a:php:php:4.0.0 | 400 |
cpe:/a:php:php:4.1.2 | 397 |
cpe:/a:php:php:4.2.2 | 396 |
cpe:/a:php:php:4.0.3 | 396 |
cpe:/a:php:php:4.0.4:- | 395 |
Related : CVE
This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score | Date | Alert | Access Vector | Access Complexity | Authentication |
---|---|---|---|---|---|
6.8 | 2019-08-09 | CVE-2019-11042 | Network | Medium | None Requ... | |
6.8 | 2019-08-09 | CVE-2019-11041 | Network | Medium | None Requ... | |
5 | 2019-07-10 | CVE-2017-7189 | Network | Low | None Requ... | |
6.4 | 2019-06-18 | CVE-2019-11040 | Network | Low | None Requ... | |
6.4 | 2019-06-18 | CVE-2019-11039 | Network | Low | None Requ... | |
5 | 2019-06-18 | CVE-2019-11038 | Network | Low | None Requ... | |
6.4 | 2019-05-03 | CVE-2019-11036 | Network | Low | None Requ... | |
6.4 | 2019-04-18 | CVE-2019-11035 | Network | Low | None Requ... | |
6.4 | 2019-04-18 | CVE-2019-11034 | Network | Low | None Requ... | |
6.8 | 2019-03-11 | CVE-2019-9675 | Network | Medium | None Requ... | |
7.5 | 2019-03-08 | CVE-2019-9641 | Network | Low | None Requ... | |
5 | 2019-03-08 | CVE-2019-9640 | Network | Low | None Requ... | |
5 | 2019-03-08 | CVE-2019-9639 | Network | Low | None Requ... | |
5 | 2019-03-08 | CVE-2019-9638 | Network | Low | None Requ... | |
5 | 2019-03-08 | CVE-2019-9637 | Network | Low | None Requ... | |
7.5 | 2019-02-22 | CVE-2019-9025 | Network | Low | None Requ... | |
5 | 2019-02-22 | CVE-2019-9024 | Network | Low | None Requ... | |
7.5 | 2019-02-22 | CVE-2019-9023 | Network | Low | None Requ... | |
5 | 2019-02-22 | CVE-2019-9022 | Network | Low | None Requ... | |
7.5 | 2019-02-22 | CVE-2019-9021 | Network | Low | None Requ... | |
7.5 | 2019-02-22 | CVE-2019-9020 | Network | Low | None Requ... | |
5 | 2019-02-21 | CVE-2018-20783 | Network | Low | None Requ... | |
6.8 | 2019-01-26 | CVE-2019-6977 | Network | Medium | None Requ... | |
5 | 2018-12-07 | CVE-2018-19935 | Network | Low | None Requ... |
CWE : Common Weakness Enumeration
This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
% | id | Name |
---|---|---|
23% (100) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
14% (65) | CWE-20 | Improper Input Validation |
8% (39) | CWE-189 | Numeric Errors |
7% (31) | CWE-264 | Permissions, Privileges, and Access Controls |
6% (27) | CWE-200 | Information Exposure |
5% (25) | CWE-399 | Resource Management Errors |
4% (21) | CWE-125 | Out-of-bounds Read |
3% (16) | CWE-416 | Use After Free |
3% (15) | CWE-190 | Integer Overflow or Wraparound |
2% (12) | CWE-476 | NULL Pointer Dereference |
1% (8) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
1% (8) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
1% (8) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
1% (7) | CWE-134 | Uncontrolled Format String |
1% (6) | CWE-787 | Out-of-bounds Write |
1% (5) | CWE-310 | Cryptographic Issues |
1% (5) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
0% (4) | CWE-502 | Deserialization of Untrusted Data |
0% (4) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O... |
0% (4) | CWE-19 | Data Handling |
0% (3) | CWE-415 | Double Free |
0% (3) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
0% (3) | CWE-362 | Race Condition |
0% (3) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
0% (2) | CWE-284 | Access Control (Authorization) Issues |
CAPEC : Common Attack Pattern Enumeration & Classification
This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id | Name |
---|---|
CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CAPEC-6 | Argument Injection |
CAPEC-7 | Blind SQL Injection |
CAPEC-8 | Buffer Overflow in an API Call |
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
CAPEC-10 | Buffer Overflow via Environment Variables |
CAPEC-13 | Subverting Environment Variable Values |
CAPEC-14 | Client-side Injection-induced Buffer Overflow |
CAPEC-15 | Command Delimiters |
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
CAPEC-24 | Filter Failure through Buffer Overflow |
CAPEC-27 | Leveraging Race Conditions via Symbolic Links |
CAPEC-28 | Fuzzing |
CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
CAPEC-32 | Embedding Scripts in HTTP Query Strings |
CAPEC-34 | HTTP Response Splitting |
CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads |
CAPEC-42 | MIME Conversion |
CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-46 | Overflow Variables and Tags |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-52 | Embedding NULL Bytes |
SAINT Exploits
Description | Link |
---|---|
PHP CGI Query String Parameters Command Execution | More info here |
Horde Imp Unauthenticated Remote Command Execution | More info here |
Open Source Vulnerability Database (OSVDB)
This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id | Description |
---|---|
78571 | PHP tidy_diagnose Function Tidy::diagnose Operation Remote DoS |
78570 | PHP zend_strndup Function Return Value Parsing Remote DoS |
78115 | PHP Hash Collision Form Parameter Parsing Remote DoS |
77446 | PHP exif.c exif_process_IFD_TAG Function EXIF Header JPEG File Handling Overflow |
77047 | Roundcube Webmail include/iniset.php Subject Header Parsing Remote DoS |
75713 | PHP is_a() Function __autoload() Function Remote File Inclusion |
75200 | PHP *alloc Functions Argument Handling Arbitrary Value Injection Overflow |
74743 | PHP ext/zip/php_zip.c Multiple Function Flag Argument DoS |
74742 | PHP crypt_blowfish 8-bit Character Password Hash Cleartext Password Disclosure |
74739 | PHP error_log Function Unspecified DoS |
74738 | PHP crypt() Function Salt Argument Overflow |
74728 | PHP extract() Function EXTR_OVERWRITE Parameter Variable Overwriting |
74726 | PHP crypt() Function MD5 Salt Hash Value Return Weakness |
74689 | PHP on Windows SPL Extension SplFileInfo::getType Function Symlink Arbitrary ... |
74688 | PHP mt_rand Function max Parameter Overflow |
74193 | PHP PCNTL Extension Concurrent Signal Saturation Race Condition Memory Corrup... |
73755 | PHP OpenSSL Extension x Function openssl_decrypt Ciphertext Data Memory Leak DoS |
73754 | PHP OpenSSL Extension openssl_encrypt Function Plaintext Data Memory Leak DoS |
73706 | PHP on Debian GNU/Linux /etc/cron.d/php5 Directory Symlink Arbitrary File Del... |
73626 | PHP Calendar Extension SdnToJulian Function Overflow DoS |
73625 | PHP Intl Extension NumberFormatter::setSymbol Function Invalid Argument DoS |
73624 | PHP Streams Component HTTP Proxy FTP Wrapper ftp:// URL DoS |
73623 | PHP Zip Extension stream_get_contents Function ziparchive Stream Handling DoS |
73622 | PHP Zip Extension zip_stream.c zip_fread Function Call Integer Signedness Err... |
73275 | PHP grapheme_extract() Function NULL Dereference DoS |
ExploitDB Exploits
id | Description |
---|---|
30395 | PHP openssl_x509_parse() - Memory Corruption Vulnerability |
29290 | Apache / PHP 5.x Remote Code Execution Exploit |
25986 | Plesk Apache Zeroday Remote Exploit |
18836 | PHP CGI Argument Injection Exploit |
18834 | PHP CGI Argument Injection |
18370 | PHP 5.3.8 Multiple Vulnerabilities |
18305 | PHP Hash Table Collision Proof Of Concept |
18296 | PHP Hashtables Denial of Service |
17486 | PHP 5.3.6 Buffer Overflow PoC (ROP) CVE-2011-1938 |
17318 | PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability |
17004 | libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5) |
16966 | PHP <= 5.3.6 shmop_read() Integer Overflow DoS |
16182 | PHP 5.3.5 grapheme_extract() NULL Pointer Dereference |
15722 | PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow |
15431 | PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Dereference |
11636 | Kolang (proc_open PHP safe mode bypass 4.3.10 - 5.3.0) |
7646 | PHP <= 5.2.8 gd library - imageRotate() Information Leak Vulnerability |
4392 | PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability |
OpenVAS Exploits
This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date | Description |
---|---|
2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0426-1 (update) File : nvt/gb_suse_2012_0426_1.nasl |
2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0590-1 (update) File : nvt/gb_suse_2012_0590_1.nasl |
2012-10-03 | Name : Gentoo Security Advisory GLSA 201209-24 (PostgreSQL) File : nvt/glsa_201209_24.nasl |
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-03 (php) File : nvt/glsa_201209_03.nasl |
2012-09-25 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004) File : nvt/gb_macosx_su12-004.nasl |
2012-09-24 | Name : PHP 'main/SAPI.c' HTTP Header Injection Vulnerability File : nvt/gb_php_http_header_injection_vuln_win.nasl |
2012-09-22 | Name : Ubuntu Update for php5 USN-1569-1 File : nvt/gb_ubuntu_USN_1569_1.nasl |
2012-09-19 | Name : FreeBSD Ports: php5-sqlite File : nvt/freebsd_php5-sqlite.nasl |
2012-09-19 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php520.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2011-210-01 libpng File : nvt/esoft_slk_ssa_2011_210_01.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2011-237-01 php File : nvt/esoft_slk_ssa_2011_237_01.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2012-041-02 php File : nvt/esoft_slk_ssa_2012_041_02.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2012-204-01 php File : nvt/esoft_slk_ssa_2012_204_01.nasl |
2012-09-07 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php519.nasl |
2012-08-30 | Name : Fedora Update for maniadrive FEDORA-2012-7628 File : nvt/gb_fedora_2012_7628_maniadrive_fc17.nasl |
2012-08-30 | Name : Fedora Update for php FEDORA-2012-7628 File : nvt/gb_fedora_2012_7628_php_fc17.nasl |
2012-08-30 | Name : Debian Security Advisory DSA 2527-1 (php5) File : nvt/deb_2527_1.nasl |
2012-08-30 | Name : Fedora Update for maniadrive FEDORA-2012-10936 File : nvt/gb_fedora_2012_10936_maniadrive_fc17.nasl |
2012-08-30 | Name : Fedora Update for php FEDORA-2012-10936 File : nvt/gb_fedora_2012_10936_php_fc17.nasl |
2012-08-30 | Name : Fedora Update for postgresql FEDORA-2012-8924 File : nvt/gb_fedora_2012_8924_postgresql_fc17.nasl |
2012-08-30 | Name : Fedora Update for postgresql FEDORA-2012-12156 File : nvt/gb_fedora_2012_12156_postgresql_fc16.nasl |
2012-08-30 | Name : Fedora Update for postgresql FEDORA-2012-12165 File : nvt/gb_fedora_2012_12165_postgresql_fc17.nasl |
2012-08-30 | Name : Fedora Update for gd FEDORA-2012-9298 File : nvt/gb_fedora_2012_9298_gd_fc17.nasl |
2012-08-30 | Name : Fedora Update for maniadrive FEDORA-2012-9490 File : nvt/gb_fedora_2012_9490_maniadrive_fc17.nasl |
2012-08-30 | Name : Fedora Update for php FEDORA-2012-9490 File : nvt/gb_fedora_2012_9490_php_fc17.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-B-0108 | Multiple Vulnerabilities in PHP Severity : Category I - VMSKEY : V0061365 |
2015-A-0199 | Multiple Vulnerabilities in Apple Mac OS X Severity : Category I - VMSKEY : V0061337 |
2014-B-0086 | Multiple Vulnerabilities in PHP Severity : Category I - VMSKEY : V0052897 |
2014-B-0053 | PHP Privilege Escalation Vulnerability Severity : Category I - VMSKEY : V0050233 |
2014-B-0021 | Multiple Vulnerabilities in PHP Severity : Category I - VMSKEY : V0044541 |
2014-A-0030 | Apple Mac OS X Security Update 2014-001 Severity : Category I - VMSKEY : V0044547 |
2013-A-0179 | Apple Mac OS X Security Update 2013-004 Severity : Category I - VMSKEY : V0040373 |
2013-B-0093 | Multiple Vulnerabilities in PHP Severity : Category I - VMSKEY : V0040108 |
Snort® IPS/IDS
This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date | Description |
---|---|
2014-01-10 | php.cgi access RuleID : 824-community - Type : SERVER-WEBAPP - Revision : 27 |
2014-01-10 | php.cgi access RuleID : 824 - Type : SERVER-WEBAPP - Revision : 27 |
2019-11-19 | PHP tag depth heap memory corruption attempt RuleID : 51930 - Type : SERVER-WEBAPP - Revision : 1 |
2019-10-23 | PHP http fopen stack buffer overflow attempt RuleID : 51578 - Type : SERVER-WEBAPP - Revision : 1 |
2019-05-07 | PHP gdImageColorMatch heap buffer overflow file download attempt RuleID : 49673 - Type : SERVER-OTHER - Revision : 1 |
2019-05-07 | PHP gdImageColorMatch heap buffer overflow file upload attempt RuleID : 49672 - Type : SERVER-OTHER - Revision : 1 |
2018-12-11 | CVE PHP infinite loop from use of stream filter and convert.iconv file upload... RuleID : 48354 - Type : SERVER-WEBAPP - Revision : 2 |
2018-08-16 | PHP phar extension remote code execution attempt RuleID : 47207 - Type : SERVER-WEBAPP - Revision : 2 |
2018-08-14 | PHP unserialize integer overflow attempt RuleID : 47156 - Type : SERVER-WEBAPP - Revision : 1 |
2018-08-14 | PHP unserialize integer overflow attempt RuleID : 47155 - Type : SERVER-WEBAPP - Revision : 1 |
2018-06-26 | PHP .phar cross site scripting attempt RuleID : 46808 - Type : SERVER-WEBAPP - Revision : 2 |
2018-06-05 | PHP unserialize integer overflow attempt RuleID : 46470 - Type : SERVER-WEBAPP - Revision : 4 |
2018-06-05 | PHP unserialize integer overflow attempt RuleID : 46469 - Type : SERVER-WEBAPP - Revision : 3 |
2018-03-29 | PHP unserialize integer overflow attempt RuleID : 45769 - Type : SERVER-WEBAPP - Revision : 4 |
2018-03-29 | PHP unserialize integer overflow attempt RuleID : 45768 - Type : SERVER-WEBAPP - Revision : 4 |
2018-03-20 | PHP php_mime_split multipart file upload buffer overflow attempt RuleID : 45676 - Type : SERVER-WEBAPP - Revision : 2 |
2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44749 - Type : SERVER-WEBAPP - Revision : 2 |
2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44748 - Type : SERVER-WEBAPP - Revision : 2 |
2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44747 - Type : SERVER-WEBAPP - Revision : 2 |
2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44746 - Type : SERVER-WEBAPP - Revision : 2 |
2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44745 - Type : SERVER-WEBAPP - Revision : 2 |
2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44744 - Type : SERVER-WEBAPP - Revision : 2 |
2017-10-24 | PHP form-based file upload DoS attempt RuleID : 44390 - Type : SERVER-WEBAPP - Revision : 2 |
2017-09-19 | PHP malformed quoted printable denial of service attempt RuleID : 44001 - Type : SERVER-WEBAPP - Revision : 2 |
2017-08-23 | PHP core unserialize use after free attempt RuleID : 43668 - Type : SERVER-WEBAPP - Revision : 2 |
Nessus® Vulnerability Scanner
This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date | Description |
---|---|
2019-01-14 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2019-1147.nasl - Type : ACT_GATHER_INFO |
2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-ee6707d519.nasl - Type : ACT_GATHER_INFO |
2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-b6072889db.nasl - Type : ACT_GATHER_INFO |
2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-1aeac808ce.nasl - Type : ACT_GATHER_INFO |
2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-791c3cfe21.nasl - Type : ACT_GATHER_INFO |
2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-7ebfe1e6f2.nasl - Type : ACT_GATHER_INFO |
2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-dfe1f0bac6.nasl - Type : ACT_GATHER_INFO |
2018-12-17 | Name : The remote Debian host is missing a security update. File : debian_DLA-1608.nasl - Type : ACT_GATHER_INFO |
2018-12-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4353.nasl - Type : ACT_GATHER_INFO |
2018-12-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201812-01.nasl - Type : ACT_GATHER_INFO |
2018-10-26 | Name : The remote EulerOS Virtualization host is missing a security update. File : EulerOS_SA-2018-1325.nasl - Type : ACT_GATHER_INFO |
2018-10-19 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-1090.nasl - Type : ACT_GATHER_INFO |
2018-09-27 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1309.nasl - Type : ACT_GATHER_INFO |
2018-09-27 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1310.nasl - Type : ACT_GATHER_INFO |
2018-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2018-25100b492c.nasl - Type : ACT_GATHER_INFO |
2018-09-20 | Name : The remote Debian host is missing a security update. File : debian_DLA-1509.nasl - Type : ACT_GATHER_INFO |
2018-09-18 | Name : The remote EulerOS Virtualization host is missing a security update. File : EulerOS_SA-2018-1249.nasl - Type : ACT_GATHER_INFO |
2018-09-04 | Name : The remote Debian host is missing a security update. File : debian_DLA-1490.nasl - Type : ACT_GATHER_INFO |
2018-08-24 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-1066.nasl - Type : ACT_GATHER_INFO |
2018-08-24 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-1067.nasl - Type : ACT_GATHER_INFO |
2018-08-17 | Name : The remote PhotonOS host is missing multiple security updates. File : PhotonOS_PHSA-2017-0021.nasl - Type : ACT_GATHER_INFO |
2018-08-17 | Name : The remote PhotonOS host is missing multiple security updates. File : PhotonOS_PHSA-2017-0029.nasl - Type : ACT_GATHER_INFO |
2018-08-10 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1224.nasl - Type : ACT_GATHER_INFO |
2018-07-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4240.nasl - Type : ACT_GATHER_INFO |
2018-07-03 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1217.nasl - Type : ACT_GATHER_INFO |