This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Php First view 1997-04-17
Product Php Last view 2020-09-09
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:* 460
cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:* 457
cpe:2.3:a:php:php:4.0.4:-:*:*:*:*:*:* 457
cpe:2.3:a:php:php:4.0.5:-:*:*:*:*:*:* 457
cpe:2.3:a:php:php:4.1.0:-:*:*:*:*:*:* 457
cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:* 456
cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:* 456
cpe:2.3:a:php:php:4.0.6:-:*:*:*:*:*:* 456
cpe:2.3:a:php:php:4.2.0:-:*:*:*:*:*:* 456
cpe:2.3:a:php:php:4.2.1:-:*:*:*:*:*:* 456
cpe:2.3:a:php:php:4.0.1:-:*:*:*:*:*:* 455
cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:* 454
cpe:2.3:a:php:php:4.2.3:-:*:*:*:*:*:* 452
cpe:2.3:a:php:php:4.3.0:-:*:*:*:*:*:* 452
cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:* 451
cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:* 451
cpe:2.3:a:php:php:4.0.7:-:*:*:*:*:*:* 451
cpe:2.3:a:php:php:4.3.2:-:*:*:*:*:*:* 449
cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:* 447
cpe:2.3:a:php:php:4.3.3:-:*:*:*:*:*:* 447
cpe:2.3:a:php:php:4.3.6:-:*:*:*:*:*:* 447
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:* 446
cpe:2.3:a:php:php:4.3.5:-:*:*:*:*:*:* 446
cpe:2.3:a:php:php:4.3.7:-:*:*:*:*:*:* 446
cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:* 445
cpe:2.3:a:php:php:4.3.10:-:*:*:*:*:*:* 445
cpe:2.3:a:php:php:4.4.0:-:*:*:*:*:*:* 445
cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:* 444
cpe:2.3:a:php:php:4.3.4:-:*:*:*:*:*:* 444
cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:* 442
cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:* 442
cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:* 441
cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:* 441
cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:* 441
cpe:2.3:a:php:php:4.3.11:-:*:*:*:*:*:* 440
cpe:2.3:a:php:php:4.4.2:-:*:*:*:*:*:* 439
cpe:2.3:a:php:php:4.4.1:-:*:*:*:*:*:* 437
cpe:2.3:a:php:php:5.0.0:-:*:*:*:*:*:* 436
cpe:2.3:a:php:php:5.0.2:-:*:*:*:*:*:* 436
cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:* 435
cpe:2.3:a:php:php:5.0.1:-:*:*:*:*:*:* 435
cpe:2.3:a:php:php:5.0.3:-:*:*:*:*:*:* 432
cpe:2.3:a:php:php:5.1.0:-:*:*:*:*:*:* 432
cpe:2.3:a:php:php:5.1.2:-:*:*:*:*:*:* 432
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:* 431
cpe:2.3:a:php:php:5.0.5:-:*:*:*:*:*:* 431
cpe:2.3:a:php:php:5.0.4:-:*:*:*:*:*:* 430
cpe:2.3:a:php:php:4.4.3:-:*:*:*:*:*:* 427
cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:* 425
cpe:2.3:a:php:php:4.4.4:-:*:*:*:*:*:* 425

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.4 2020-09-09 CVE-2020-7068

In PHP versions 7.2.x below 7.3.21, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

7.5 2020-09-03 CVE-2020-11579

An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.

5.3 2020-05-20 CVE-2019-11048

In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.

7.5 2020-04-27 CVE-2020-7067

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

4.3 2020-04-01 CVE-2020-7066

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.

8.8 2020-04-01 CVE-2020-7065

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.

5.4 2020-04-01 CVE-2020-7064

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.

5.3 2020-02-27 CVE-2020-7063

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.

7.5 2020-02-27 CVE-2020-7062

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.

9.1 2020-02-27 CVE-2020-7061

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.

9.8 2020-02-19 CVE-2014-3622

Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.

7.5 2020-02-12 CVE-2011-3336

regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.

9.1 2020-02-10 CVE-2020-7060

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.

9.1 2020-02-10 CVE-2020-7059

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.

8.8 2020-01-15 CVE-2015-6497

The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap.

6.5 2019-12-23 CVE-2019-11050

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

9.8 2019-12-23 CVE-2019-11049

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.

6.5 2019-12-23 CVE-2019-11047

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

7.5 2019-12-23 CVE-2019-11046

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

5.9 2019-12-23 CVE-2019-11045

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

7.5 2019-12-23 CVE-2019-11044

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

9.8 2019-11-26 CVE-2011-1939

SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.

7.5 2019-11-25 CVE-2019-19246

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

7.5 2019-11-13 CVE-2010-4657

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.

9.8 2019-10-28 CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
21% (98) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (66) CWE-20 Improper Input Validation
8% (39) CWE-189 Numeric Errors
6% (31) CWE-264 Permissions, Privileges, and Access Controls
6% (30) CWE-125 Out-of-bounds Read
5% (27) CWE-200 Information Exposure
5% (24) CWE-399 Resource Management Errors
4% (19) CWE-416 Use After Free
3% (15) CWE-190 Integer Overflow or Wraparound
2% (13) CWE-476 NULL Pointer Dereference
1% (9) CWE-787 Out-of-bounds Write
1% (8) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (8) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (8) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (7) CWE-134 Uncontrolled Format String
1% (5) CWE-310 Cryptographic Issues
1% (5) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (4) CWE-502 Deserialization of Untrusted Data
0% (4) CWE-415 Double Free
0% (4) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (4) CWE-19 Data Handling
0% (3) CWE-362 Race Condition
0% (3) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
0% (2) CWE-284 Access Control (Authorization) Issues
0% (2) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-6 Argument Injection
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-15 Command Delimiters
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-27 Leveraging Race Conditions via Symbolic Links
CAPEC-28 Fuzzing
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-34 HTTP Response Splitting
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-52 Embedding NULL Bytes

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:485 PH Cross-site Scripting Vulnerability
oval:org.mitre.oval:def:10346 Buffer overflow in the imap_fetch_overview function in the IMAP functionality...
oval:org.mitre.oval:def:10896 The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3...
oval:org.mitre.oval:def:10619 The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does ...
oval:org.mitre.oval:def:10863 php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive...
oval:org.mitre.oval:def:10961 rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary...
oval:org.mitre.oval:def:10511 The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows ...
oval:org.mitre.oval:def:10877 Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5...
oval:org.mitre.oval:def:9279 PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedi...
oval:org.mitre.oval:def:9310 The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3...
oval:org.mitre.oval:def:11703 The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0....
oval:org.mitre.oval:def:10822 Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before...
oval:org.mitre.oval:def:10307 exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of serv...
oval:org.mitre.oval:def:11032 The exif_read_data function in the Exif module in PHP before 4.4.1 allows rem...
oval:org.mitre.oval:def:10542 Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x u...
oval:org.mitre.oval:def:11481 The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when calle...
oval:org.mitre.oval:def:10537 The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, w...
oval:org.mitre.oval:def:10332 CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0...
oval:org.mitre.oval:def:10064 Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, w...
oval:org.mitre.oval:def:10997 Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and...
oval:org.mitre.oval:def:11084 PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memor...
oval:org.mitre.oval:def:10196 Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows loc...
oval:org.mitre.oval:def:9696 Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 ...
oval:org.mitre.oval:def:10118 zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before ...
oval:org.mitre.oval:def:11062 scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-depen...

SAINT Exploits

Description Link
PHP CGI Query String Parameters Command Execution More info here
Horde Imp Unauthenticated Remote Command Execution More info here

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
78571 PHP tidy_diagnose Function Tidy::diagnose Operation Remote doS
78570 PHP zend_strndup Function Return Value Parsing Remote DoS
78115 PHP Hash Collission Form Parameter Parsing Remote DoS
77446 PHP exif.c exif_process_IFD_TAG Function EXIF Header JPEG File Handling Overflow
75713 PHP is_a() Function __autoload() Function Remote File Inclusion
75200 PHP *alloc Functions Argument Handling Arbitrary Value Injection Overflow
74743 PHP ext/zip/php_zip.c Multiple Function Flag Argument DoS
74742 PHP crypt_blowfish 8-bit Character Password Hash Cleartext Password Disclosure
74739 PHP error_log Function Unspecified DoS
74738 PHP crypt() Function Salt Argument Overflow
74728 PHP extract() Function EXTR_OVERWRITE Parameter Variable Overwriting
74726 PHP crypt() Function MD5 Salt Hash Value Return Weakness
74689 PHP on Windows SPL Extension SplFileInfo::getType Function Symlink Arbitrary ...
74688 PHP mt_rand Function max Parameter Overflow
74193 PHP PCNTL Extension Concurrent Signal Saturation Race Condition Memory Corrup...
73755 PHP OpenSSL Extension x Function openssl_decrypt Ciphertext Data Memory Leak DoS
73754 PHP OpenSSL Extension openssl_encrypt Function Plaintext Data Memory Leak DoS
73706 PHP on Debian GNU/Linux /etc/cron.d/php5 Directory Symlink Arbitrary File Del...
73626 PHP Calendar Extension SdnToJulian Function Overflow DoS
73625 PHP Intl Extension NumberFormatter::setSymbol Function Invalid Argument DoS
73624 PHP Streams Component HTTP Proxy FTP Wrapper ftp:// URL DoS
73623 PHP Zip Extension stream_get_contents Function ziparchive Stream Handling DoS
73622 PHP Zip Extension zip_stream.c zip_fread Function Call Integer Signedness Err...
73387 Zend Framework PDO_MySql Character Set Security Bypass
73275 PHP grapheme_extract() Function NULL Dereference DoS

ExploitDB Exploits

id Description
30395 PHP openssl_x509_parse() - Memory Corruption Vulnerability
29290 Apache / PHP 5.x Remote Code Execution Exploit
25986 Plesk Apache Zeroday Remote Exploit
18836 PHP CGI Argument Injection Exploit
18834 PHP CGI Argument Injection
18370 PHP 5.3.8 Multiple Vulnerabilities
18305 PHP Hash Table Collision Proof Of Concept
18296 PHP Hashtables Denial of Service
17486 PHP 5.3.6 Buffer Overflow PoC (ROP) CVE-2011-1938
17318 PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability
17004 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)
16966 PHP <= 5.3.6 shmop_read() Integer Overflow DoS
16182 PHP 5.3.5 grapheme_extract() NULL Pointer Dereference
15722 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow
15431 PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference
11636 Kolang (proc_open PHP safe mode bypass 4.3.10 - 5.3.0)
7646 PHP <= 5.2.8 gd library - imageRotate() Information Leak Vulnerability
4392 PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:0426-1 (update)
File : nvt/gb_suse_2012_0426_1.nasl
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:0590-1 (update)
File : nvt/gb_suse_2012_0590_1.nasl
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-24 (PostgreSQL)
File : nvt/glsa_201209_24.nasl
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-03 (php)
File : nvt/glsa_201209_03.nasl
2012-09-25 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)
File : nvt/gb_macosx_su12-004.nasl
2012-09-24 Name : PHP 'main/SAPI.c' HTTP Header Injection Vulnerability
File : nvt/gb_php_http_header_injection_vuln_win.nasl
2012-09-22 Name : Ubuntu Update for php5 USN-1569-1
File : nvt/gb_ubuntu_USN_1569_1.nasl
2012-09-19 Name : FreeBSD Ports: php5-sqlite
File : nvt/freebsd_php5-sqlite.nasl
2012-09-19 Name : FreeBSD Ports: php5
File : nvt/freebsd_php520.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-210-01 libpng
File : nvt/esoft_slk_ssa_2011_210_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-237-01 php
File : nvt/esoft_slk_ssa_2011_237_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2012-041-02 php
File : nvt/esoft_slk_ssa_2012_041_02.nasl
2012-09-10 Name : Slackware Advisory SSA:2012-204-01 php
File : nvt/esoft_slk_ssa_2012_204_01.nasl
2012-09-07 Name : FreeBSD Ports: php5
File : nvt/freebsd_php519.nasl
2012-08-30 Name : Debian Security Advisory DSA 2527-1 (php5)
File : nvt/deb_2527_1.nasl
2012-08-30 Name : Fedora Update for maniadrive FEDORA-2012-10936
File : nvt/gb_fedora_2012_10936_maniadrive_fc17.nasl
2012-08-30 Name : Fedora Update for php FEDORA-2012-10936
File : nvt/gb_fedora_2012_10936_php_fc17.nasl
2012-08-30 Name : Fedora Update for postgresql FEDORA-2012-12156
File : nvt/gb_fedora_2012_12156_postgresql_fc16.nasl
2012-08-30 Name : Fedora Update for postgresql FEDORA-2012-12165
File : nvt/gb_fedora_2012_12165_postgresql_fc17.nasl
2012-08-30 Name : Fedora Update for maniadrive FEDORA-2012-6869
File : nvt/gb_fedora_2012_6869_maniadrive_fc17.nasl
2012-08-30 Name : Fedora Update for php FEDORA-2012-6869
File : nvt/gb_fedora_2012_6869_php_fc17.nasl
2012-08-30 Name : Fedora Update for maniadrive FEDORA-2012-7628
File : nvt/gb_fedora_2012_7628_maniadrive_fc17.nasl
2012-08-30 Name : Fedora Update for php FEDORA-2012-7628
File : nvt/gb_fedora_2012_7628_php_fc17.nasl
2012-08-30 Name : Fedora Update for postgresql FEDORA-2012-8924
File : nvt/gb_fedora_2012_8924_postgresql_fc17.nasl
2012-08-30 Name : Fedora Update for gd FEDORA-2012-9298
File : nvt/gb_fedora_2012_9298_gd_fc17.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-B-0108 Multiple Vulnerabilities in PHP
Severity: Category I - VMSKEY: V0061365
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2014-B-0086 Multiple Vulnerabilities in PHP
Severity: Category I - VMSKEY: V0052897
2014-B-0053 PHP Privilege Escalation Vulnerability
Severity: Category I - VMSKEY: V0050233
2014-B-0021 Multiple Vulnerabilities in PHP
Severity: Category I - VMSKEY: V0044541
2014-A-0030 Apple Mac OS X Security Update 2014-001
Severity: Category I - VMSKEY: V0044547
2013-A-0179 Apple Mac OS X Security Update 2013-004
Severity: Category I - VMSKEY: V0040373
2013-B-0093 Multiple Vulnerabilities in PHP
Severity: Category I - VMSKEY: V0040108

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 php.cgi access
RuleID : 824-community - Type : SERVER-WEBAPP - Revision : 27
2014-01-10 php.cgi access
RuleID : 824 - Type : SERVER-WEBAPP - Revision : 27
2020-07-30 PHP php_strip_tags_ex function out-of-bounds read attempt
RuleID : 54406 - Type : SERVER-WEBAPP - Revision : 1
2020-07-30 PHP php_strip_tags_ex function out-of-bounds read attempt
RuleID : 54405 - Type : SERVER-WEBAPP - Revision : 1
2020-01-14 PHP malformed quoted printable denial of service attempt
RuleID : 52454 - Type : SERVER-WEBAPP - Revision : 1
2019-12-10 PHP FPM env_path_info buffer underflow attempt
RuleID : 52123 - Type : SERVER-WEBAPP - Revision : 1
2019-11-19 PHP tag depth heap memory corruption attempt
RuleID : 51930 - Type : SERVER-WEBAPP - Revision : 1
2019-10-23 PHP http fopen stack buffer overflow attempt
RuleID : 51578 - Type : SERVER-WEBAPP - Revision : 1
2019-05-07 PHP gdImageColorMatch heap buffer overflow file download attempt
RuleID : 49673 - Type : SERVER-OTHER - Revision : 1
2019-05-07 PHP gdImageColorMatch heap buffer overflow file upload attempt
RuleID : 49672 - Type : SERVER-OTHER - Revision : 1
2018-12-11 CVE PHP infinite loop from use of stream filter and convert.iconv file upload...
RuleID : 48354 - Type : SERVER-WEBAPP - Revision : 2
2018-08-16 PHP phar extension remote code execution attempt
RuleID : 47207 - Type : SERVER-WEBAPP - Revision : 2
2018-08-14 PHP unserialize integer overflow attempt
RuleID : 47156 - Type : SERVER-WEBAPP - Revision : 1
2018-08-14 PHP unserialize integer overflow attempt
RuleID : 47155 - Type : SERVER-WEBAPP - Revision : 1
2018-06-26 PHP .phar cross site scripting attempt
RuleID : 46808 - Type : SERVER-WEBAPP - Revision : 2
2018-06-05 PHP unserialize integer overflow attempt
RuleID : 46470 - Type : SERVER-WEBAPP - Revision : 4
2018-06-05 PHP unserialize integer overflow attempt
RuleID : 46469 - Type : SERVER-WEBAPP - Revision : 3
2018-03-29 PHP unserialize integer overflow attempt
RuleID : 45769 - Type : SERVER-WEBAPP - Revision : 4
2018-03-29 PHP unserialize integer overflow attempt
RuleID : 45768 - Type : SERVER-WEBAPP - Revision : 4
2018-03-20 PHP php_mime_split multipart file upload buffer overflow attempt
RuleID : 45676 - Type : SERVER-WEBAPP - Revision : 2
2017-12-13 PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a...
RuleID : 44749 - Type : SERVER-WEBAPP - Revision : 2
2017-12-13 PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a...
RuleID : 44748 - Type : SERVER-WEBAPP - Revision : 2
2017-12-13 PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a...
RuleID : 44747 - Type : SERVER-WEBAPP - Revision : 2
2017-12-13 PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a...
RuleID : 44746 - Type : SERVER-WEBAPP - Revision : 2
2017-12-13 PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a...
RuleID : 44745 - Type : SERVER-WEBAPP - Revision : 2

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-14 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2019-1147.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-1aeac808ce.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-791c3cfe21.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7ebfe1e6f2.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-b6072889db.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-dfe1f0bac6.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ee6707d519.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote Debian host is missing a security update.
File: debian_DLA-1608.nasl - Type: ACT_GATHER_INFO
2018-12-11 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4353.nasl - Type: ACT_GATHER_INFO
2018-12-03 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201812-01.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1325.nasl - Type: ACT_GATHER_INFO
2018-10-19 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1090.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1309.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1310.nasl - Type: ACT_GATHER_INFO
2018-09-24 Name: The remote Fedora host is missing a security update.
File: fedora_2018-25100b492c.nasl - Type: ACT_GATHER_INFO
2018-09-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-1509.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1249.nasl - Type: ACT_GATHER_INFO
2018-09-04 Name: The remote Debian host is missing a security update.
File: debian_DLA-1490.nasl - Type: ACT_GATHER_INFO
2018-08-24 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1066.nasl - Type: ACT_GATHER_INFO
2018-08-24 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1067.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0021.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0029.nasl - Type: ACT_GATHER_INFO
2018-08-10 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1224.nasl - Type: ACT_GATHER_INFO
2018-07-06 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4240.nasl - Type: ACT_GATHER_INFO
2018-07-03 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1217.nasl - Type: ACT_GATHER_INFO