Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 5 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-2107
The GENERATE_SEED macro in PHP 4.x prior to 4.4.8 and 5.x prior to 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent malicious users to predict subsequent values of the ...
Php Php 5
Php Php 5.0.0
Php Php 5.0.2
Php Php 5.0.3
Php Php 5.1.5
Php Php 5.1.6
Php Php 5.0.1
Php Php 5.1.3
Php Php 5.1.4
Php Php 5.2.4
Php Php
Php Php 5.0.4
Php Php 5.0.5
Php Php 5.1.0
Php Php 5.2.0
Php Php 5.2.1
Php Php 5.1.1
Php Php 5.1.2
Php Php 5.2.2
Php Php 5.2.3
7.5
CVSSv2
CVE-2002-0229
Safe Mode feature (safe_mode) in PHP 3.0 up to and including 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.
Php Php 3.0.13
Php Php 3.0.16
Php Php 3.0.8
Php Php 3.0.9
Php Php 4.1.0
Php Php 4.1.2
Php Php 3.0.1
Php Php 3.0.10
Php Php 3.0.4
Php Php 3.0.5
Php Php 4.0.3
Php Php 4.0.4
Php Php 3.0.11
Php Php 3.0.12
Php Php 3.0.6
Php Php 3.0.7
Php Php 4.0.5
Php Php 4.0.6
Php Php 3.0
Php Php 3.0.2
Php Php 3.0.3
Php Php 4.0
3 EDB exploits
5
CVSSv2
CVE-2008-5498
Array index error in the imageRotate function in PHP 5.2.8 and previous versions allows context-dependent malicious users to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.
Php Php 5.1.3
Php Php 5.1.2
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.0
Php Php 5.0.2
Php Php 5.0.1
Php Php 5.0.0
Php Php 5.2.6
Php Php 5.2.5
Php Php 5.1.6
Php Php 5.2.0
Php Php 5.0.4
Php Php 5.0.3
Php Php
Php Php 5.1.1
Php Php 5.1.0
Php Php 5.0.5
Php Php 5
Php Php 5.2.7
Php Php 5.2.4
Php Php 5.2.3
1 EDB exploit
5
CVSSv2
CVE-2004-1020
The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote malicious users to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected b...
Php Php 4.3.7
Php Php 4.3.8
Php Php 5.0
Php Php 5.0.1
Php Php 5.0.2
Php Php 4.3.6
Php Php 4.3.9
Php Php 5.0.0
1 EDB exploit
5
CVSSv2
CVE-2009-4418
The unserialize function in PHP 5.3.0 and previous versions allows context-dependent malicious users to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.
Php Php 5.2.11
Php Php 5.2.7
Php Php 5.2.9
Php Php 5.1.2
Php Php 5.0.0
Php Php 5.0.2
Php Php 5.2.4
Php Php 5.2.3
Php Php 5.0
Php Php 5.1.1
Php Php 5.2.1
Php Php 5.2.2
Php Php 5
Php Php 5.2.10
Php Php 5.2.6
Php Php 5.2.8
Php Php 5.1.0
Php Php 5.0.5
Php Php 5.0.4
Php Php 5.1.6
Php Php 5.2.0
Php Php 5.2.5
5
CVSSv2
CVE-2004-1392
PHP 4.0 with cURL functions allows remote malicious users to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.
Php Php 4.0
Php Php 4.0.1
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.0.2
Php Php 4.0.3
Php Php 4.0.7
Php Php 4.0.4
1 EDB exploit
5
CVSSv2
CVE-2006-1490
PHP prior to 5.1.3-RC1 might allow remote malicious users to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NO...
Php Php 4.3.9
Php Php 3.0
Php Php 3.0.5
Php Php 3.0.11
Php Php 5.1.2
Php Php 4.2.0
Php Php 5.1.1
Php Php 3.0.1
Php Php 3.0.2
Php Php 5.0.0
Php Php 4.1.0
Php Php 4.3.4
Php Php 4.0.4
Php Php 4.3.0
Php Php 4.0.5
Php Php 5.0
Php Php 3.0.8
Php Php 5.0.5
Php Php 4.3.6
Php Php 3.0.13
Php Php 5.0.1
Php Php 4.0.7
1 EDB exploit
4.3
CVSSv2
CVE-2009-2302
Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the q parameter in a search action. NOTE: it was later reported that 5.2.1 is also affected.
Avatic Aardvark Topsites Php 5.0.3
Avatic Aardvark Topsites Php 5
Avatic Aardvark Topsites Php 5.1.2
Avatic Aardvark Topsites Php 4.0.2
Avatic Aardvark Topsites Php 4.2.2
Avatic Aardvark Topsites Php 4.1.1
Avatic Aardvark Topsites Php
1 EDB exploit
5
CVSSv2
CVE-2009-2304
index.php in Aardvark Topsites PHP 5.2.0 and previous versions allows remote malicious users to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message.
Avatic Aardvark Topsites Php
Avatic Aardvark Topsites Php 5.1.2
Avatic Aardvark Topsites Php 5.0.3
Avatic Aardvark Topsites Php 5
Avatic Aardvark Topsites Php 4.2.2
Avatic Aardvark Topsites Php 4.1.1
Avatic Aardvark Topsites Php 4.0.2
10
CVSSv2
CVE-2006-4812
Integer overflow in PHP 5 up to 5.1.6 and 4 prior to 4.3.0 allows remote malicious users to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function ...
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.1.1
Php Php 4.1.2
Php Php 5.0.1
Php Php 5.0.2
Php Php 5.0.3
Php Php 5.1.1
Php Php 5.1.2
Php Php 4.0.3
Php Php 4.0.7
Php Php 4.1.0
Php Php 4.2
Php Php 5.0.0
Php Php 5.0
Php Php 5.1.0
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.2.2
Php Php 4.2.3
Php Php 5.1.5
Php Php 5.1.6
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »