Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 6.0 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2007-1287
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote malicious users to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3...
Php Php 4.4.6
Php Php 6.0
Php Php 4.4.4
Php Php 4.4.5
1 EDB exploit
5
CVSSv2
CVE-2005-2075
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote malicious users to obtain sensitive information via a direct request to the filename in the administration/db_backups dire...
Php Fusion Php Fusion 5.0
Php Fusion Php Fusion 6.0
1 EDB exploit
2.6
CVSSv2
CVE-2006-4673
Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and previous versions uses the extract function on the superglobals, which allows remote malicious users to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.
Php Fusion Php Fusion 6.0.105
Php Fusion Php Fusion 6.0.106
Php Fusion Php Fusion 6.0.306
Php Fusion Php Fusion 6.0.307
Php Fusion Php Fusion 6.0.110
Php Fusion Php Fusion 6.0.204
Php Fusion Php Fusion 6.0.206
Php Fusion Php Fusion 6.0.107
Php Fusion Php Fusion 6.0.109
Php Fusion Php Fusion
Php Fusion Php Fusion 6.0.303
Php Fusion Php Fusion 6.0.304
1 EDB exploit
4.3
CVSSv2
CVE-2005-4516
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00.200 up to and including 6.00.300 allow remote malicious users to inject arbitrary web script or HTML via (1) the sortby parameter in members.php and (2) IMG tags.
Php Fusion Php Fusion 6.00.200
Php Fusion Php Fusion 6.00.204
Php Fusion Php Fusion 6.00.207
Php Fusion Php Fusion 6.00.300
Php Fusion Php Fusion 6.00.205
Php Fusion Php Fusion 6.00.206
1 EDB exploit
4.3
CVSSv2
CVE-2005-2783
Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and previous versions allows remote malicious users to inject arbitrary web script or HTML via nested, malformed URL BBCode tags.
Php Fusion Php Fusion 6.0.105
Php Fusion Php Fusion 6.0.106
Php Fusion Php Fusion 6.0.107
Php Fusion Php Fusion 4.00
Php Fusion Php Fusion 4.01
Php Fusion Php Fusion 5.0
Php Fusion Php Fusion 5.01 Service Pack
1 EDB exploit
4.3
CVSSv2
CVE-2003-1400
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 up to and including 6.0 allows remote malicious users to inject arbitrary web script or HTML via the user_avatar parameter.
Francisco Burzi Php-nuke 5.2a
Francisco Burzi Php-nuke 5.3.1
Francisco Burzi Php-nuke 5.4
Francisco Burzi Php-nuke 5.5
Francisco Burzi Php-nuke 5.0
Francisco Burzi Php-nuke 5.0.1
Francisco Burzi Php-nuke 5.6
Francisco Burzi Php-nuke 6.0
Francisco Burzi Php-nuke 5.1
Francisco Burzi Php-nuke 5.2
1 EDB exploit
2.6
CVSSv2
CVE-2003-0279
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x up to and including 6.5 allows remote malicious users to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.
Francisco Burzi Php-nuke 5.0
Francisco Burzi Php-nuke 6.0
4.3
CVSSv2
CVE-2010-2531
The var_export function in PHP 5.2 prior to 5.2.14 and 5.3 prior to 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote malicious users to obtain sensitive information by causing the application to exceed...
Php Php
Debian Debian Linux 5.0
Debian Debian Linux 6.0
7.5
CVSSv2
CVE-2003-1435
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote malicious users to execute arbitrary SQL commands via the days parameter to the search module.
Francisco Burzi Php-nuke 5.6
Francisco Burzi Php-nuke 6.0
1 EDB exploit
4.3
CVSSv2
CVE-2003-1468
The Web_Links module in PHP-Nuke 6.0 up to and including 6.5 final allows remote malicious users to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.
Francisco Burzi Php-nuke 6.0
Francisco Burzi Php-nuke 6.5
Francisco Burzi Php-nuke 6.5 Beta1
Francisco Burzi Php-nuke 6.5 Final
Francisco Burzi Php-nuke 6.5 Rc1
Francisco Burzi Php-nuke 6.5 Rc2
Francisco Burzi Php-nuke 6.5 Rc3
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »