Skip to main content
CVE-2015-6834 CRITICAL POC THREAT Emergency

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 37.2%.

RCE PHP
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
37.2%
Threat
4.6
CVE-2015-6835 CRITICAL POC THREAT Emergency

The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.3%.

RCE PHP Denial Of Service
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
21.3%
Threat
4.1
CVE-2015-4602 CRITICAL POC THREAT Emergency

The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

RCE PHP Denial Of Service Enterprise Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
9.8
EPSS
12.9%
CVE-2015-4600 CRITICAL POC THREAT Emergency

The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.7%.

RCE PHP Denial Of Service Enterprise Linux Desktop Enterprise Linux Hpc Node +4
NVD
CVSS 3.0
9.8
EPSS
10.7%
CVE-2016-2554 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.3%.

Denial Of Service PHP Buffer Overflow
NVD
CVSS 3.0
9.8
EPSS
10.3%
CVE-2015-4643 CRITICAL POC PATCH Act Now

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Buffer Overflow Debian Linux Enterprise Linux Desktop +6
NVD
CVSS 3.0
9.8
EPSS
8.7%
CVE-2015-4603 CRITICAL POC Act Now

The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +4
NVD
CVSS 3.0
9.8
EPSS
8.1%
CVE-2015-4599 CRITICAL POC Act Now

The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Denial Of Service Enterprise Linux Desktop Enterprise Linux Hpc Node +4
NVD
CVSS 3.0
9.8
EPSS
6.6%
CVE-2015-4642 CRITICAL POC Act Now

The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Microsoft
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2015-4116 CRITICAL POC Act Now

Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Leap
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2015-4601 CRITICAL Act Now

PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.4% and no vendor patch available.

RCE PHP Denial Of Service Enterprise Linux Desktop Enterprise Linux Hpc Node +4
NVD
CVSS 3.0
9.8
EPSS
21.4%
CVE-2015-5589 CRITICAL Act Now

The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.4% and no vendor patch available.

Denial Of Service PHP
NVD
CVSS 3.0
9.8
EPSS
10.4%
CVE-2015-8835 CRITICAL Act Now

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Denial Of Service
NVD
CVSS 3.0
9.8
EPSS
4.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy