Skip to main content
CVE-2016-4071 CRITICAL POC THREAT Emergency

Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.6%.

RCE PHP Mac Os X
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
32.6%
Threat
4.4
CVE-2016-4073 CRITICAL POC THREAT Emergency

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.0%.

Denial Of Service RCE PHP Buffer Overflow Mac Os X
NVD GitHub
CVSS 3.0
9.8
EPSS
11.0%
CVE-2016-4072 CRITICAL Act Now

The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.1% and no vendor patch available.

RCE PHP Mac Os X
NVD GitHub
CVSS 3.0
9.8
EPSS
11.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy