Multiple vulnerabilities in PHP and extensions

Description

Multiple serious vulnerabilities have been found in PHP and extensions. Malicious users can exploit these vulnerabilities to cause denial of service or inject code.

Below is a complete list of vulnerabilities

1. Multiple integer overflows can be exploited remotely via a specially designed year value;
2. Lack of tokens validation can be exploited remotely via a specially designed name;
3. Improper tmp drectory addres containing can be exploited locally via a file manipulations.

Original advisories

Related products

• PHP

CVE list

• CVE-2015-2331
  critical
• CVE-2015-0231
  critical
• CVE-2015-2305
  high

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com