Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 7.0.4 vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2020-24186
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 up to and including 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
Gvectors Wpdiscuz
7 Github repositories
9.8
CVSSv3
CVE-2016-7479
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
Php Php 7.1.0
Php Php 7.0.0
Php Php 7.0.3
Php Php 7.0.4
Php Php 7.0.1
Php Php 7.0.10
Php Php 7.0.5
Php Php 7.0.6
Php Php 7.0.11
Php Php 7.0.12
Php Php 7.0.7
Php Php 7.0.8
Php Php 7.0.14
Php Php 7.0.2
Php Php 7.0.9
9.8
CVSSv3
CVE-2016-3132
Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x prior to 7.0.6 allows remote malicious users to execute arbitrary code via a crafted index.
Php Php 7.0.5
Php Php 7.0.0
Php Php 7.0.1
Php Php 7.0.2
Php Php 7.0.3
Php Php 7.0.4
9.8
CVSSv3
CVE-2016-4344
Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP prior to 7.0.4 allows remote malicious users to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow.
Php Php
9.8
CVSSv3
CVE-2016-4345
Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP prior to 7.0.4 allows remote malicious users to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.
Php Php
9.8
CVSSv3
CVE-2016-4346
Integer overflow in the str_pad function in ext/standard/string.c in PHP prior to 7.0.4 allows remote malicious users to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.
Php Php
Opensuse Leap 42.1
Opensuse Opensuse 13.2
9.8
CVSSv3
CVE-2016-4071
Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP prior to 5.5.34, 5.6.x prior to 5.6.20, and 7.x prior to 7.0.5 allows remote malicious users to execute arbitrary code via format string specifiers in an SNMP::get call.
Php Php 5.6.1
Php Php 5.6.0
Php Php 5.6.5
Php Php 5.6.12
Php Php 5.6.13
Php Php 5.6.4
Php Php 5.6.6
Php Php 5.6.18
Php Php 5.6.11
Php Php 5.6.2
Php Php 5.6.10
Php Php 5.6.7
Php Php 5.6.15
Php Php 5.6.17
Php Php 5.6.16
Php Php 5.6.9
Php Php 5.6.3
Php Php 5.6.8
Php Php 5.6.14
Php Php 5.6.19
Apple Mac Os X
Php Php 5.5.0
1 EDB exploit
8.6
CVSSv3
CVE-2016-5093
The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP prior to 5.5.36, 5.6.x prior to 5.6.22, and 7.x prior to 7.0.7 does not ensure the presence of a '\0' character, which allows remote malicious users to cause a denial of service (out-of-bound...
Php Php 5.6.2
Php Php 5.6.19
Php Php 7.0.6
Php Php 5.6.18
Php Php 5.6.6
Php Php 5.6.7
Php Php 5.6.0
Php Php 5.6.1
Php Php 7.0.0
Php Php 7.0.1
Php Php 5.6.17
Php Php 5.6.16
Php Php 5.6.15
Php Php 5.6.8
Php Php 5.6.9
Php Php
Php Php 7.0.2
Php Php 7.0.3
Php Php 5.6.14
Php Php 5.6.3
Php Php 5.6.13
Php Php 5.6.12
7.8
CVSSv3
CVE-2017-11628
In PHP prior to 5.6.31, 7.x prior to 7.0.21, and 7.1.x prior to 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications th...
Php Php
Php Php 7.0.11
Php Php 7.0.4
Php Php 7.0.19
Php Php 7.0.3
Php Php 7.0.1
Php Php 7.0.12
Php Php 7.0.13
Php Php 7.0.16
Php Php 7.0.7
Php Php 7.0.14
Php Php 7.0.20
Php Php 7.0.15
Php Php 7.0.18
Php Php 7.0.2
Php Php 7.0.9
Php Php 7.0.8
Php Php 7.0.17
Php Php 7.0.5
Php Php 7.0.10
Php Php 7.0.0
Php Php 7.0.6
7.5
CVSSv3
CVE-2016-10397
In PHP prior to 5.6.28 and 7.x prior to 7.0.13, incorrect handling of various URI components in the URL parser could be used by malicious users to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example....
Php Php 7.0.11
Php Php 7.0.4
Php Php 7.0.3
Php Php 7.0.1
Php Php 7.0.12
Php Php
Php Php 7.0.7
Php Php 7.0.2
Php Php 7.0.9
Php Php 7.0.8
Php Php 7.0.5
Php Php 7.0.10
Php Php 7.0.0
Php Php 7.0.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »