Skip to content

Latest commit

 

History

History
272 lines (271 loc) · 34.2 KB

TOPPHP(IBB).md

File metadata and controls

272 lines (271 loc) · 34.2 KB
Raw

Top reports from PHP (IBB) program at HackerOne:

  1. In correct casting from size_t to int lead to heap overflow in mcrypt_generic to PHP (IBB) - 81 upvotes, $1000
  2. Heap Buffer Overflow (READ: 4) in phar_parse_pharfile to PHP (IBB) - 72 upvotes, $1500
  3. GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability] to PHP (IBB) - 64 upvotes, $1500
  4. Type Confusion Vulnerability - SOAP / make_http_soap_request() to PHP (IBB) - 64 upvotes, $1000
  5. Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow to PHP (IBB) - 58 upvotes, $1500
  6. Inappropriate URL parsing may cause security risk! to PHP (IBB) - 52 upvotes, $1000
  7. Heap overflow in mysqlnd related to BIT fields (CVE-2016-7412) to PHP (IBB) - 50 upvotes, $1000
  8. DOS in stream filters to PHP (IBB) - 44 upvotes, $1500
  9. Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c to PHP (IBB) - 42 upvotes, $500
  10. mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full (CVE-2020-7065) to PHP (IBB) - 40 upvotes, $1500
  11. CVE-2019-11043: a buffer underflow in fpm_main.c can lead to RCE in php-fpm to PHP (IBB) - 36 upvotes, $1500
  12. PHP mbstring / Oniguruma multiple remote heap/stack corruptions to PHP (IBB) - 35 upvotes, $1500
  13. select_colors write out-of-bounds to PHP (IBB) - 23 upvotes, $1000
  14. Out of Bounds Memory Read in exif_scan_thumbnail to PHP (IBB) - 20 upvotes, $1500
  15. efree() on uninitialized Heap data in imagescale leads to use-after-free to PHP (IBB) - 16 upvotes, $1500
  16. PHP Session Data Injection Vulnerability to PHP (IBB) - 16 upvotes, $1000
  17. php curl ext size_t overflow lead to heap corruption to PHP (IBB) - 14 upvotes, $1000
  18. Use-After-Free / Double-Free in WDDX Deserialize to PHP (IBB) - 14 upvotes, $500
  19. wddx_deserialize use-after-free to PHP (IBB) - 14 upvotes, $500
  20. null pointer dereference in imap_mail to PHP (IBB) - 13 upvotes, $1500
  21. heap-buffer-overflow (READ of size 48) in exif_read_data() to PHP (IBB) - 13 upvotes, $500
  22. CVE-2018-12882: heap-use-after-free in PHP 7.2 through 7.2.6, possible 7.2.7 to PHP (IBB) - 13 upvotes, $500
  23. php mcrypt ext - In correct casting from size_t to int lead to heap overflow in mdecrypt_generic to PHP (IBB) - 12 upvotes, $1000
  24. Memory corruption when parsing a hostile PHAR archive to PHP (IBB) - 12 upvotes, $500
  25. PHP openssl_x509_parse() Memory Corruption Vulnerability to PHP (IBB) - 11 upvotes, $4000
  26. Use After Free Vulnerability in PHP's GC algorithm and unserialize to PHP (IBB) - 11 upvotes, $1000
  27. ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize to PHP (IBB) - 11 upvotes, $1000
  28. Heap Buffer Overflow (READ: 1786) in exif_iif_add_value to PHP (IBB) - 11 upvotes, $500
  29. Heap Use After Free Read in unserialize() to PHP (IBB) - 11 upvotes, $500
  30. Improper handling of Chunked data request in sapi_apache2.c leads to Reflected XSS to PHP (IBB) - 10 upvotes, $500
  31. Out of Bounds Memory Read in php_jpg_get16 to PHP (IBB) - 8 upvotes, $1500
  32. Use after free and out of bounds read in xmlrpc_decode() to PHP (IBB) - 8 upvotes, $1500
  33. heap buffer overflow in phar_detect_phar_fname_ext to PHP (IBB) - 7 upvotes, $1500
  34. Use After Free Vulnerability in SNMP with GC and unserialize() to PHP (IBB) - 7 upvotes, $1000
  35. Heap Use After Free in unserialize() to PHP (IBB) - 7 upvotes, $500
  36. Out of Bounds Memory Read in unserialize() to PHP (IBB) - 7 upvotes, $500
  37. Out-of-Bound Read in phar_parse_zipfile() to PHP (IBB) - 7 upvotes, $500
  38. Illegal write/read access caused by gdImageAALine overflow to PHP (IBB) - 7 upvotes, $500
  39. memory corruption in wordwrap function to PHP (IBB) - 7 upvotes, $500
  40. integer overflow in imap_binary caused heap corruption to PHP (IBB) - 7 upvotes, $500
  41. heap overflow in substr_replace to PHP (IBB) - 7 upvotes, $500
  42. Invalid Read on exif_process_SOFn to PHP (IBB) - 6 upvotes, $1500
  43. Out of bound read in exif_process_IFD_in_MAKERNOTE to PHP (IBB) - 6 upvotes, $1000
  44. Out of bounds memory read in unserialize() to PHP (IBB) - 6 upvotes, $500
  45. linkinfo - openbasedir bypass on Windows PHP to PHP (IBB) - 6 upvotes, $500
  46. Integer Overflow in php_html_entities() to PHP (IBB) - 6 upvotes, $500
  47. Integer Overflow in Length of String-typed ZVAL to PHP (IBB) - 6 upvotes, $500
  48. Use-after-free in PHP7's unserialize() to PHP (IBB) - 6 upvotes, $500
  49. Inappropriately parsing HTTP response leads to PHP segment fault! to PHP (IBB) - 6 upvotes, $500
  50. Potential infinite loop in gdImageCreateFromGifCtx! to PHP (IBB) - 6 upvotes, $500
  51. integer overflow in fgetcsv caused heap corruption to PHP (IBB) - 6 upvotes, $500
  52. PHP Heap Overflow Vulnerability in imagecrop() to PHP (IBB) - 5 upvotes, $1500
  53. Type Confusion in WDDX Packet Deserialization to PHP (IBB) - 5 upvotes, $1000
  54. Uninitialized Thumbail Data Leads To Memory Leakage in exif_process_IFD_in_TIFF to PHP (IBB) - 5 upvotes, $1000
  55. Integer Overflow in addcslashes()/addslashes() to PHP (IBB) - 5 upvotes, $500
  56. Integer Overflow/Heap Overflow in json_encode()/json_decode() to PHP (IBB) - 5 upvotes, $500
  57. Use After Free Vulnerability in array_walk()/array_walk_recursive() to PHP (IBB) - 5 upvotes, $500
  58. pass2_no_dither out-of-bounds access to PHP (IBB) - 5 upvotes, $500
  59. integer overflow in curl_escape caused heap corruption to PHP (IBB) - 5 upvotes, $500
  60. integer overflow in pg_escape_bytea caused heap corruption to PHP (IBB) - 5 upvotes, $500
  61. integer overflow in pg_escape_string caused heap corruption to PHP (IBB) - 5 upvotes, $500
  62. integer overflow in php_uuencode caused heap corruption to PHP (IBB) - 5 upvotes, $500
  63. Integer overflow lead to heap corruption in sql_regcase to PHP (IBB) - 5 upvotes, $500
  64. integer overflow in bzdecompress caused heap corruption to PHP (IBB) - 5 upvotes, $500
  65. imagecolormatch Out Of Bounds Write on Heap to PHP (IBB) - 4 upvotes, $1500
  66. Use After Free in unserialize() with Unexpected Session Deserialization to PHP (IBB) - 4 upvotes, $1000
  67. Create an Unexpected Object and Don't Invoke __wakeup() in During Deserialization to PHP (IBB) - 4 upvotes, $1000
  68. Use After Free in PHP7 unserialize() to PHP (IBB) - 4 upvotes, $1000
  69. Use-after-free in unserialize() to PHP (IBB) - 4 upvotes, $1000
  70. Type Confusion Vulnerability in SoapClient to PHP (IBB) - 4 upvotes, $500
  71. Invalid parameter in memcpy function trough openssl_pbkdf2 to PHP (IBB) - 4 upvotes, $500
  72. Heap overflow caused by type confusion vulnerability in merge_param() to PHP (IBB) - 4 upvotes, $500
  73. Use after free with assign by ref to overloaded objects to PHP (IBB) - 4 upvotes, $500
  74. Integer Overflow in php_raw_url_encode to PHP (IBB) - 4 upvotes, $500
  75. Multiple Heap Overflows in php_raw_url_encode/php_url_encode to PHP (IBB) - 4 upvotes, $500
  76. Integer Overflow in SplFileObject::fread to PHP (IBB) - 4 upvotes, $500
  77. Integer Overflow in nl2br() to PHP (IBB) - 4 upvotes, $500
  78. Use After Free/Double Free in Garbage Collection to PHP (IBB) - 4 upvotes, $500
  79. Use After Free Vulnerability in unserialize() to PHP (IBB) - 4 upvotes, $500
  80. Memory Corruption in During Deserialized-object Destruction to PHP (IBB) - 4 upvotes, $500
  81. NULL Pointer Dereference in WDDX Packet Deserialization with PDORow to PHP (IBB) - 4 upvotes, $500
  82. Use-after-free in ArrayObject Deserialization to PHP (IBB) - 4 upvotes, $500
  83. Use After Free in unserialize() to PHP (IBB) - 4 upvotes, $500
  84. Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization to PHP (IBB) - 4 upvotes, $500
  85. memory allocator fails to realloc small block to large one to PHP (IBB) - 4 upvotes, $500
  86. integer overflow in fgets cause heap corruption to PHP (IBB) - 4 upvotes, $500
  87. integer overflow in str_pad caused heap corruption to PHP (IBB) - 4 upvotes, $500
  88. integer overflow in php_ldap_do_escape caused heap corruption to PHP (IBB) - 4 upvotes, $500
  89. integer overflow in urlencode caused heap corruption to PHP (IBB) - 4 upvotes, $500
  90. integer overflow in quoted_printable_encode caused heap corruption to PHP (IBB) - 4 upvotes, $500
  91. integer overflow in base64_decode caused heap corruption to PHP (IBB) - 4 upvotes, $500
  92. CVE-2016-7418 PHP Out-Of-Bounds Read in php_wddx_push_element to PHP (IBB) - 4 upvotes, $500
  93. Long filenames cause OOM and temp files are not cleaned to PHP (IBB) - 4 upvotes, $500
  94. Use after free vulnerability in unserialize() with DateTimeZone to PHP (IBB) - 3 upvotes, $2500
  95. Integer overflow in ZipArchive::getFrom* to PHP (IBB) - 3 upvotes, $1500
  96. Buffer overflow in HTTP url parsing functions to PHP (IBB) - 3 upvotes, $1000
  97. Buffer overflow in HTTP parse_hostinfo(), parse_userinfo() and parse_scheme() to PHP (IBB) - 3 upvotes, $1000
  98. SEH buffer overflow msgfmt_format_message to PHP (IBB) - 3 upvotes, $1000
  99. Uninitialized pointer in phar_make_dirstream() to PHP (IBB) - 3 upvotes, $1000
  100. Heap corruption in tar/zip/phar parser to PHP (IBB) - 3 upvotes, $1000
  101. Use after free vulnerability in unserialize() with GMP to PHP (IBB) - 3 upvotes, $500
  102. Use of uninitialized memory in unserialize() to PHP (IBB) - 3 upvotes, $500
  103. Crash (DoS) when parsing a hostile TIFF to PHP (IBB) - 3 upvotes, $500
  104. Type Confusion in Object Deserialization to PHP (IBB) - 3 upvotes, $500
  105. crash in locale_compose() function to PHP (IBB) - 3 upvotes, $500
  106. integer overflow in preg_quote caused heap corruption to PHP (IBB) - 3 upvotes, $500
  107. PHP Integer Overflow in gdImageWebpCtx to PHP (IBB) - 3 upvotes, $500
  108. Null Pointer Dereference in phar_create_or_parse_filename to PHP (IBB) - 3 upvotes, $0
  109. Use After Free Vulnerability in unserialize() to PHP (IBB) - 2 upvotes, $1500
  110. Use after free vulnerability in unserialize() with DateInterval to PHP (IBB) - 2 upvotes, $1500
  111. Multiple Use After Free Vulnerabilites in unserialize() to PHP (IBB) - 2 upvotes, $1500
  112. Heap overflow in utf32be_mbc_to_code to PHP (IBB) - 2 upvotes, $1500
  113. Out of Bounds Memory Read in exif_process_user_comment to PHP (IBB) - 2 upvotes, $1500
  114. Use After Free Vulnerability in unserialize() with SplDoublyLinkedList to PHP (IBB) - 2 upvotes, $1000
  115. Use After Free Vulnerability in unserialize() with SplObjectStorage to PHP (IBB) - 2 upvotes, $1000
  116. Use After Free Vulnerability in unserialize() to PHP (IBB) - 2 upvotes, $1000
  117. php_snmp_error() Format String Vulnerability to PHP (IBB) - 2 upvotes, $1000
  118. imagegammacorrect allows arbitrary write access to PHP (IBB) - 2 upvotes, $1000
  119. Memory Leakage In exif_process_IFD_in_TIFF (CVE-2016-7128) to PHP (IBB) - 2 upvotes, $1000
  120. Stack-based buffer overflow vulnerability in virtual_file_ex to PHP (IBB) - 2 upvotes, $1000
  121. Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER to PHP (IBB) - 2 upvotes, $500
  122. php_stream_url_wrap_http_ex() type-confusion vulnerability to PHP (IBB) - 2 upvotes, $500
  123. Use After Free Vulnerability in session deserializer to PHP (IBB) - 2 upvotes, $500
  124. zend_throw_or_error() format string vulnerability to PHP (IBB) - 2 upvotes, $500
  125. NULL Pointer Dereference in exif_process_user_comment to PHP (IBB) - 2 upvotes, $500
  126. imagefilltoborder stackoverflow on truecolor images to PHP (IBB) - 2 upvotes, $500
  127. Write out-of-bounds at number_format to PHP (IBB) - 2 upvotes, $500
  128. memcpy negative parameter _bc_new_num_ex to PHP (IBB) - 2 upvotes, $500
  129. Use After Free Vulnerability in WDDX Packet Deserialization to PHP (IBB) - 2 upvotes, $500
  130. Type Confusion Vulnerability in PHP_to_XMLRPC_worker() to PHP (IBB) - 2 upvotes, $500
  131. Session WDDX Packet Deserialization Type Confusion Vulnerability to PHP (IBB) - 2 upvotes, $500
  132. Out-of-bounds reads in zif_grapheme_stripos with negative offset to PHP (IBB) - 2 upvotes, $500
  133. imagecropauto out-of-bounds access to PHP (IBB) - 2 upvotes, $500
  134. wddx_deserialize null dereference in php_wddx_pop_element to PHP (IBB) - 2 upvotes, $500
  135. wddx_deserialize null dereference with invalid xml to PHP (IBB) - 2 upvotes, $500
  136. PHP INI Parsing Stack Buffer Overflow Vulnerability to PHP (IBB) - 2 upvotes, $500
  137. Out-Of-Bounds Read in timelib_meridian() to PHP (IBB) - 2 upvotes, $500
  138. PHP WDDX Deserialization Heap OOB Read in timelib_meridian() to PHP (IBB) - 2 upvotes, $500
  139. PHP OpenSSL zif_openssl_seal() heap overflow (wild memcpy) to PHP (IBB) - 2 upvotes, $500
  140. Integer overflow in wordwrap to PHP (IBB) - 2 upvotes, $500
  141. Multiple Heap Overflow due to integer overflows | xml/filter_url/addcslashes to PHP (IBB) - 2 upvotes, $500
  142. imap_rfc822_parse_headers GS Violation to PHP (IBB) - 2 upvotes, $500
  143. wddx_deserialize allows illegal memory access to PHP (IBB) - 2 upvotes, $500
  144. crash in gzcompress and 3 other compress functions to PHP (IBB) - 2 upvotes, $500
  145. ldap_escape could produce string larger than 2Gb to PHP (IBB) - 2 upvotes, $500
  146. integer overflow in recode_string caused heap corruption to PHP (IBB) - 2 upvotes, $500
  147. heap-buffer-overflow (write) simplestring_addn simplestring.c to PHP (IBB) - 2 upvotes, $500
  148. Trivial age-old heap overflow in 32-bit PHP to PHP (IBB) - 2 upvotes, $500
  149. Heap BufferOver Flow in escapeshellargs and escapeshellcmd functions to PHP (IBB) - 2 upvotes, $500
  150. Arbitary Memory Read via gdImageRotateInterpolated Array Index Out of Bounds to PHP (IBB) - 2 upvotes, $500
  151. PHP 7.3.3: Heap-use-after-free (READ of size 8) in match_at() to PHP (IBB) - 2 upvotes, $500
  152. Out-of-Bound Read in urldecode() [CVE-2020-7067] to PHP (IBB) - 2 upvotes, $500
  153. buffer overread in base64 code of the xmlrpc module to PHP (IBB) - 2 upvotes, $500
  154. OOB read in php_strip_tags_ex to PHP (IBB) - 2 upvotes, $500
  155. Null pointer deref (segfault) in stream_context_get_default to PHP (IBB) - 2 upvotes, $0
  156. 3 heap corruptions in PHP to PHP (IBB) - 1 upvotes, $1500
  157. Stack Buffer Overflow in GD dynamicGetbuf to PHP (IBB) - 1 upvotes, $1500
  158. Inadequate error handling in bzread() to PHP (IBB) - 1 upvotes, $1500
  159. phar_tar_writeheaders_int() buffer overflow to PHP (IBB) - 1 upvotes, $1500
  160. Buffer over-write in finfo_open with malformed magic file. to PHP (IBB) - 1 upvotes, $1500
  161. Null Pointer Dereference in PHP Session Upload Progress to PHP (IBB) - 1 upvotes, $1500
  162. Negative size parameter in mb_split to PHP (IBB) - 1 upvotes, $1500
  163. Negative size parameter (-1) in memcpy mbfl_strcut to PHP (IBB) - 1 upvotes, $1000
  164. Stack-based buffer overflow vulnerability in php_stream_zip_opener to PHP (IBB) - 1 upvotes, $1000
  165. Heap Overflow Due To Integer Overflow to PHP (IBB) - 1 upvotes, $1000
  166. Invalid free in phar_extract_file() to PHP (IBB) - 1 upvotes, $1000
  167. Use-after-free vulnerability in SPL(SplObjectStorage, unserialize) to PHP (IBB) - 1 upvotes, $1000
  168. Use-after-free vulnerability in SPL(ArrayObject, unserialize) to PHP (IBB) - 1 upvotes, $1000
  169. openssl_seal() uninitialized memory usage to PHP (IBB) - 1 upvotes, $1000
  170. out of bounds read crashes php-cgi to PHP (IBB) - 1 upvotes, $500
  171. memcpy negative size parameter in php_resolve_path to PHP (IBB) - 1 upvotes, $500
  172. potential remote code execution with phar archive to PHP (IBB) - 1 upvotes, $500
  173. xml_parse_into_struct segmentation fault to PHP (IBB) - 1 upvotes, $500
  174. stack-buffer-overflow through "ResourceBundle" methods to PHP (IBB) - 1 upvotes, $500
  175. bcpowmod accepts negative scale and corrupts one definition to PHP (IBB) - 1 upvotes, $500
  176. get_icu_value_internal out-of-bounds read to PHP (IBB) - 1 upvotes, $500
  177. locale_accept_from_http out-of-bounds access to PHP (IBB) - 1 upvotes, $500
  178. Illegal write access through Locale methods to PHP (IBB) - 1 upvotes, $500
  179. CVE-2015-8874 Stack overflow with imagefilltoborder to PHP (IBB) - 1 upvotes, $500
  180. imagegif/output out-of-bounds access to PHP (IBB) - 1 upvotes, $500
  181. Integer underflow / arbitrary null write in fread/gzread to PHP (IBB) - 1 upvotes, $500
  182. Null pointer deref with ob_start with get_defined_vars to PHP (IBB) - 1 upvotes, $500
  183. Null pointer deref with ob_start with compact to PHP (IBB) - 1 upvotes, $500
  184. memory corruption while parsing HTTP response to PHP (IBB) - 1 upvotes, $500
  185. imagescale out-of-bounds read to PHP (IBB) - 1 upvotes, $500
  186. gdImageTrueColorToPaletteBody allows arbitrary write/read access to PHP (IBB) - 1 upvotes, $500
  187. wddx_deserialize null dereference to PHP (IBB) - 1 upvotes, $500
  188. NULL Pointer Dereference while unserialize php object to PHP (IBB) - 1 upvotes, $500
  189. Invalid read when wddx decodes empty boolean element to PHP (IBB) - 1 upvotes, $500
  190. NULL pointer dereference in SimpleXMLElement::asXML() to PHP (IBB) - 1 upvotes, $500
  191. crash in openssl_random_pseudo_bytes function to PHP (IBB) - 1 upvotes, $500
  192. missing NULL check in dom_document_save_html to PHP (IBB) - 1 upvotes, $500
  193. heap overflow in php_ereg_replace function to PHP (IBB) - 1 upvotes, $500
  194. crash in implode() function to PHP (IBB) - 1 upvotes, $500
  195. iconv() function missing string length check to PHP (IBB) - 1 upvotes, $500
  196. crash in bzcompress function to PHP (IBB) - 1 upvotes, $500
  197. crash in get_icu_value_internal function to PHP (IBB) - 1 upvotes, $500
  198. crash in locale_get_keywords() when keyword value in locale string too long to PHP (IBB) - 1 upvotes, $500
  199. another crash in locale_get_keywords function to PHP (IBB) - 1 upvotes, $500
  200. CachingIterator null dereference when convert to string to PHP (IBB) - 1 upvotes, $500
  201. Memory corruption in _php_math_number_format_ex() to PHP (IBB) - 1 upvotes, $500
  202. Heap overflow due to integer overflow in bzdecompress() function to PHP (IBB) - 1 upvotes, $500
  203. Memory corruption due to missing check size in _php_math_number_format_ex() to PHP (IBB) - 1 upvotes, $500
  204. Heap overflow due to integer overflow in pg_escape_string() function to PHP (IBB) - 1 upvotes, $500
  205. Heap overflow due to integer overflow in php_escape_html_entities_ex() function to PHP (IBB) - 1 upvotes, $500
  206. Invalid memory access in zend_strtod() function to PHP (IBB) - 1 upvotes, $500
  207. crash in simplestring_addn function to PHP (IBB) - 1 upvotes, $500
  208. Invalid memory access in spl_filesystem_dir_open function to PHP (IBB) - 1 upvotes, $500
  209. Invalid memory access in php_basename function to PHP (IBB) - 1 upvotes, $500
  210. Invalid memory access in spl_filesystem_info_set_filename function to PHP (IBB) - 1 upvotes, $500
  211. malloc negative size parameter to PHP (IBB) - 1 upvotes, $500
  212. php_snmp_parse_oid integer overflow in memory allocation to PHP (IBB) - 1 upvotes, $500
  213. gzuncompress does NOT check output string size which leads to an overflow to PHP (IBB) - 1 upvotes, $500
  214. gzdecode does NOT check output string size which leads to an overflow to PHP (IBB) - 1 upvotes, $500
  215. Missing type check when unserializing SplArray to PHP (IBB) - 1 upvotes, $500
  216. integer overflow in xml_utf8_encode to PHP (IBB) - 1 upvotes, $500
  217. Heap overflow in curl_escape to PHP (IBB) - 1 upvotes, $500
  218. Out of bound when verify signature of tar phar in phar_parse_tarfile to PHP (IBB) - 1 upvotes, $500
  219. Out of bound when verify signature of zip phar in phar_parse_zipfile to PHP (IBB) - 1 upvotes, $500
  220. Heap Overflow due to integer overflows to PHP (IBB) - 1 upvotes, $500
  221. Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow to PHP (IBB) - 1 upvotes, $500
  222. NULL Pointer Dereference at _gdScaleVert to PHP (IBB) - 1 upvotes, $500
  223. Integer Overflow in _gd2GetHeader() resulting in heap overflow to PHP (IBB) - 1 upvotes, $500
  224. Double Free Corruption in wddx.c (extension) to PHP (IBB) - 1 upvotes, $500
  225. _php_mb_regex_ereg_replace_exec - double free to PHP (IBB) - 1 upvotes, $500
  226. Multiple vulnerabilities related to PCRE functions (already fixed) to PHP (IBB) - 1 upvotes, $500
  227. An integer overflow bug in php_str_to_str_ex() led arbitrary code execution. to PHP (IBB) - 1 upvotes, $500
  228. PHP-FPM fpm_log.c memory leak and buffer overflow to PHP (IBB) - 1 upvotes, $500
  229. An integer overflow bug in php_implode() could lead heap overflow, make PHP to crash to PHP (IBB) - 1 upvotes, $500
  230. Uninitialized read in gdImageCreateFromXbm to PHP (IBB) - 1 upvotes, $500
  231. DirectoryIterator class silently truncates after a null byte to PHP (IBB) - 1 upvotes, $500
  232. Out-of-bounds Read in php_strip_tags_ex to PHP (IBB) - 1 upvotes, $500
  233. PHP link() silently truncates after a null byte on Windows to PHP (IBB) - 1 upvotes, $500
  234. Use after free vulnerability in unserialize() to PHP (IBB) - 0 upvotes, $3000
  235. SPL ArrayObject/SPLObjectStorage Unserialization Type Confusion Vulnerabilities to PHP (IBB) - 0 upvotes, $2500
  236. Locale::parseLocale Double Free to PHP (IBB) - 0 upvotes, $2500
  237. Free called on unitialized pointer in exif.c to PHP (IBB) - 0 upvotes, $2500
  238. SoapClient's __call() type confusion through unserialize() to PHP (IBB) - 0 upvotes, $2500
  239. ZIP Integer Overflow leads to writing past heap boundary to PHP (IBB) - 0 upvotes, $1500
  240. Integer overflow in ftp_genlist() resulting in heap overflow to PHP (IBB) - 0 upvotes, $1500
  241. PHP yaml_parse/yaml_parse_file/yaml_parse_url Double Free to PHP (IBB) - 0 upvotes, $1500
  242. SOAP serialize_function_call() type confusion / RCE to PHP (IBB) - 0 upvotes, $1500
  243. Uninitialized read in exif_process_IFD_in_MAKERNOTE to PHP (IBB) - 0 upvotes, $1500
  244. Uninitialized read in exif_process_IFD_in_TIFF to PHP (IBB) - 0 upvotes, $1500
  245. Buffer Over flow when parsing tar/zip/phar in phar_set_inode to PHP (IBB) - 0 upvotes, $1000
  246. Buffer Over-read in unserialize when parsing Phar to PHP (IBB) - 0 upvotes, $1000
  247. Buffer over-read in exif_read_data with TIFF IFD tag to PHP (IBB) - 0 upvotes, $1000
  248. Uninitialized pointer in phar_make_dirstream to PHP (IBB) - 0 upvotes, $1000
  249. Dangling pointer in the unserialization of ArrayObject items to PHP (IBB) - 0 upvotes, $1000
  250. Arbitrary code execution in str_ireplace function to PHP (IBB) - 0 upvotes, $1000
  251. Format string vulnerability in zend_throw_or_error() to PHP (IBB) - 0 upvotes, $1000
  252. Use After Free in sortWithSortKeys() to PHP (IBB) - 0 upvotes, $1000
  253. str_repeat() sign mismatch based memory corruption to PHP (IBB) - 0 upvotes, $500
  254. PHP yaml_parse/yaml_parse_file/yaml_parse_url Unsafe Deserialization to PHP (IBB) - 0 upvotes, $500
  255. Null pointer dereference in phar_get_fp_offset() to PHP (IBB) - 0 upvotes, $500
  256. Mem out-of-bounds write (segfault) in ZEND_ASSIGN_DIV_SPEC_CV_UNUSED_HANDLER to PHP (IBB) - 0 upvotes, $500
  257. null pointer deref (segfault) in zend_eval_const_expr to PHP (IBB) - 0 upvotes, $500
  258. Null pointer deref (segfault) in spl_autoload via ob_start to PHP (IBB) - 0 upvotes, $500
  259. AddressSanitizer reports a global buffer overflow in mkgmtime() function to PHP (IBB) - 0 upvotes, $500
  260. Integer overflow in unserialize() (32-bits only) to PHP (IBB) - 0 upvotes, $500
  261. heap buffer overflow in enchant_broker_request_dict() to PHP (IBB) - 0 upvotes, $500
  262. curl_setopt_array() type confusion to PHP (IBB) - 0 upvotes, $500
  263. Files extracted from archive may be placed outside of destination directory to PHP (IBB) - 0 upvotes, $500
  264. invalid pointer free() in phar_tar_process_metadata() to PHP (IBB) - 0 upvotes, $500
  265. Memory Corruption in phar_parse_tarfile when entry filename starts with null to PHP (IBB) - 0 upvotes, $500
  266. Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow) to PHP (IBB) - 0 upvotes, $500
  267. Stack overflow when decompressing tar archives to PHP (IBB) - 0 upvotes, $500
  268. Use After Free in GC with Certain Destructors to PHP (IBB) - 0 upvotes, $500
  269. Use after free vulnerability in phar_parse_zipfile to PHP (IBB) - 0 upvotes, $500
  270. PHP builded for Windows with TS support does not resolve relalative paths with drive letter correctly to PHP (IBB) - 0 upvotes, $500