Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 7.1.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-7479
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
Php Php 7.1.0
Php Php 7.0.0
Php Php 7.0.3
Php Php 7.0.4
Php Php 7.0.1
Php Php 7.0.10
Php Php 7.0.5
Php Php 7.0.6
Php Php 7.0.11
Php Php 7.0.12
Php Php 7.0.7
Php Php 7.0.8
Php Php 7.0.14
Php Php 7.0.2
Php Php 7.0.9
8.8
CVSSv3
CVE-2004-1842
Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x up to and including 7.1.0 allows remote malicious users to gain administrative privileges via an img tag with a URL to admin.php.
Phpnuke Php-nuke
1 EDB exploit
7.8
CVSSv3
CVE-2017-11628
In PHP prior to 5.6.31, 7.x prior to 7.0.21, and 7.1.x prior to 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications th...
Php Php
Php Php 7.0.11
Php Php 7.0.4
Php Php 7.0.19
Php Php 7.0.3
Php Php 7.0.1
Php Php 7.0.12
Php Php 7.0.13
Php Php 7.0.16
Php Php 7.0.7
Php Php 7.0.14
Php Php 7.0.20
Php Php 7.0.15
Php Php 7.0.18
Php Php 7.0.2
Php Php 7.0.9
Php Php 7.0.8
Php Php 7.0.17
Php Php 7.0.5
Php Php 7.0.10
Php Php 7.0.0
Php Php 7.0.6
7.5
CVSSv3
CVE-2017-11142
In PHP prior to 5.6.31, 7.x prior to 7.0.17, and 7.1.x prior to 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.
Php Php 7.0.0
Php Php 7.0.1
Php Php 7.0.8
Php Php 7.0.9
Php Php 7.1.0
Php Php 7.1.1
Php Php 7.0.4
Php Php 7.0.5
Php Php 7.0.12
Php Php 7.0.13
Php Php
Php Php 7.0.6
Php Php 7.0.7
Php Php 7.0.14
Php Php 7.0.15
Php Php 7.0.16
Php Php 7.0.2
Php Php 7.0.3
Php Php 7.0.10
Php Php 7.0.11
Php Php 7.1.2
7.5
CVSSv3
CVE-2017-11144
In PHP prior to 5.6.31, 7.x prior to 7.0.21, and 7.1.x prior to 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative n...
Php Php 7.1.0
Php Php 7.1.6
Php Php 7.0.11
Php Php 7.0.4
Php Php 7.1.3
Php Php 7.1.5
Php Php 7.0.19
Php Php 7.0.3
Php Php 7.0.1
Php Php 7.1.2
Php Php 7.0.12
Php Php 7.0.13
Php Php 7.0.16
Php Php 7.0.7
Php Php 7.0.14
Php Php 7.0.20
Php Php 7.0.15
Php Php
Php Php 7.0.18
Php Php 7.0.2
Php Php 7.0.9
Php Php 7.0.8
7.2
CVSSv3
CVE-2019-5009
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, a...
Vtiger Vtiger Crm 7.1.0
Vtiger Vtiger Crm
6.1
CVSSv3
CVE-2017-5963
An issue exists in caddy (for TYPO3) prior to 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php"...
Caddy Project Caddy 2.1.4
Caddy Project Caddy 4.0.1
Caddy Project Caddy 4.0.3
Caddy Project Caddy 6.0.1
Caddy Project Caddy 6.1.0
Caddy Project Caddy 6.3.0
Caddy Project Caddy 6.0.2
Caddy Project Caddy 6.0.9
Caddy Project Caddy 6.0.12
Caddy Project Caddy 6.0.14
Caddy Project Caddy 2.1.5
Caddy Project Caddy 2.1.6
Caddy Project Caddy 3.0.0
Caddy Project Caddy 4.0.0
Caddy Project Caddy 6.3.3
Caddy Project Caddy 7.0.0
Caddy Project Caddy 7.1.0
Caddy Project Caddy 7.2.7
Caddy Project Caddy 4.0.2
Caddy Project Caddy 4.0.12
Caddy Project Caddy 6.2.1
Caddy Project Caddy 6.3.1
NA
CVE-2024-29514
File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated malicious users to execute arbitrary code via uploading a crafted PHP file.
NA
CVE-2024-29515
File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated malicious users to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component.
NA
CVE-2014-0103
WebAccess in Zarafa prior to 7.1.10 and WebApp prior to 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
Fedoraproject Fedora 19
Zarafa Zarafa 7.0.10
Zarafa Zarafa 7.0.12
Zarafa Zarafa 7.0.7
Zarafa Zarafa 7.0.9
Zarafa Webapp
Zarafa Zarafa
Zarafa Zarafa 7.0
Zarafa Zarafa 7.0.1
Zarafa Zarafa 7.1.1
Zarafa Zarafa 7.0.2
Zarafa Zarafa 7.0.3
Zarafa Zarafa 7.0.4
Zarafa Zarafa 7.0.5
Zarafa Zarafa 7.1.2
Zarafa Zarafa 7.1.3
Zarafa Zarafa 7.1.4
Fedoraproject Fedora 20
Zarafa Zarafa 7.0.11
Zarafa Zarafa 7.0.13
Zarafa Zarafa 7.0.6
Zarafa Zarafa 7.0.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »