Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 5.2.7 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2008-5844
PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent malicious users to conduct SQL injection attacks and un...
Php Php 5.2.7
445
VMScore
CVE-2009-1272
The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x prior to 5.2.9 allows context-dependent malicious users to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction.
Php Php 5.2.5
Php Php 5.2.0
Php Php 5.2.2
Php Php 5.2.7
Php Php 5.2.4
Php Php 5.2.6
Php Php 5.2.8
Php Php 5.2.3
Php Php 5.2.1
445
VMScore
CVE-2009-1271
The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x prior to 5.2.9 allows remote malicious users to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.
Php Php 5.2.4
Php Php 5.2.3
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.2.5
Php Php 5.2.7
Php Php 5.2.6
Php Php 5.2.0
Php Php 5.2.8
645
VMScore
CVE-2010-1128
The Linear Congruential Generator (LCG) in PHP prior to 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent malicious users to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniq...
Php Php 5.2.9
Php Php 5.2.8
Php Php 5.2.0
Php Php 5.2.11
Php Php 5.2.10
Php Php 5.2.1
Php Php 5.2.3
Php Php 5.2.2
Php Php
Php Php 5.2.5
Php Php 5.2.4
Php Php 5.2.7
Php Php 5.2.6
1 EDB exploit
668
VMScore
CVE-2010-1129
The safe_mode implementation in PHP prior to 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent malicious users to bypass intended access restrictions via vectors related to use of the tempnam function.
Php Php 5.2.5
Php Php 5.2.6
Php Php 5.2.0
Php Php 5.2.7
Php Php 5.2.8
Php Php 5.2.9
Php Php 5.2.3
Php Php 5.2.4
Php Php 5.2.12
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.2.10
Php Php 5.2.11
445
VMScore
CVE-2010-2093
Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 prior to 5.2.13 and 5.3 prior to 5.3.2 allows context-dependent malicious users to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs.
Php Php 5.2.2
Php Php 5.2.3
Php Php 5.2.10
Php Php 5.2.11
Php Php 5.2.4
Php Php 5.2.5
Php Php 5.2.12
Php Php 5.3.0
Php Php 5.2.0
Php Php 5.2.1
Php Php 5.2.8
Php Php 5.2.9
Php Php 5.2.6
Php Php 5.2.7
Php Php 5.3.1
445
VMScore
CVE-2010-1914
The Zend Engine in PHP 5.2 up to and including 5.2.13 and 5.3 up to and including 5.3.2 allows context-dependent malicious users to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_funct...
Php Php 5.2.2
Php Php 5.2.3
Php Php 5.2.10
Php Php 5.2.6
Php Php 5.2.7
Php Php 5.3.2
Php Php 5.2.12
Php Php 5.2.4
Php Php 5.2.5
Php Php 5.3.0
Php Php 5.3.1
Php Php 5.2.11
Php Php 5.2.0
Php Php 5.2.1
Php Php 5.2.8
Php Php 5.2.9
445
VMScore
CVE-2010-1915
The preg_quote function in PHP 5.2 up to and including 5.2.13 and 5.3 up to and including 5.3.2 allows context-dependent malicious users to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by...
Php Php 5.2.5
Php Php 5.2.6
Php Php 5.3.2
Php Php 5.2.12
Php Php 5.2.3
Php Php 5.2.4
Php Php 5.3.0
Php Php 5.3.1
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.2.10
Php Php 5.2.11
Php Php 5.2.0
Php Php 5.2.7
Php Php 5.2.8
Php Php 5.2.9
668
VMScore
CVE-2010-2225
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x up to and including 5.3.2 allows remote malicious users to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.
Php Php 5.2.6
Php Php 5.2.7
Php Php 5.2.4
Php Php 5.2.5
Php Php 5.2.12
Php Php 5.2.13
Php Php 5.2.0
Php Php 5.2.1
Php Php 5.2.8
Php Php 5.2.9
Php Php 5.2.2
Php Php 5.2.3
Php Php 5.2.10
Php Php 5.2.11
Php Php 5.3.1
Php Php 5.3.2
Php Php 5.3.0
445
VMScore
CVE-2010-3065
The default session serializer in PHP 5.2 up to and including 5.2.13 and 5.3 up to and including 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent malicious users to modify arbitrary session variables via a crafted session variable name.
Php Php 5.2.7
Php Php 5.2.8
Php Php 5.3.1
Php Php 5.3.2
Php Php 5.2.5
Php Php 5.2.6
Php Php 5.2.13
Php Php 5.3.0
Php Php 5.2.2
Php Php 5.2.3
Php Php 5.2.4
Php Php 5.2.11
Php Php 5.2.12
Php Php 5.2.0
Php Php 5.2.1
Php Php 5.2.9
Php Php 5.2.10
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »