php php 5.0.0 vulnerabilities and exploits
CVE-2023-44401 (CVSSv3 5.3)
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 before 4.3.7 and 5.0.0 before 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater th...
Silverstripe Graphql
CVE-2023-46734 (CVSSv3 6.1)
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure the...
Sensiolabs Symfony
Sensiolabs Twig
CVE-2021-41270 (CVSSv3 6.5)
Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 prior to 4.4.35 and versions 5.0.0 prior to 5.3.12 are vulnerable to CSV injection, ...
Sensiolabs Symfony
Fedoraproject Fedora 34
Fedoraproject Fedora 35
CVE-2019-8942 (CVSSv3 8.8)
WordPress prior to 4.9.9 and 5.x prior to 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by upl...
Wordpress Wordpress 5.0
Wordpress Wordpress
Debian Debian Linux 9.0
2 EDB exploits
7 Github repositories
CVE-2017-17671 (CVSSv3 9.8)
vBulletin up to and including 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ t...
Vbulletin Vbulletin 5.0.0
Vbulletin Vbulletin
CVE-2017-7414 (CVSSv3 7.5)
In Horde_Crypt prior to 2.7.6, as used in Horde Groupware Webmail Edition 5.x up to and including 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically veri...
Horde Groupware 5.1.0
Horde Groupware 5.2.1
Horde Groupware 5.2.2
Horde Groupware 5.0.0
Horde Groupware 5.0.4
Horde Groupware 5.0.5
Horde Groupware 5.1.5
Horde Groupware 5.2.0
Horde Groupware 5.2.7
Horde Groupware 5.0.2
Horde Groupware 5.0.3
Horde Groupware 5.1.3
Horde Groupware 5.1.4
Horde Groupware 5.2.5
Horde Groupware 5.2.6
Horde Groupware 5.0.1
Horde Groupware 5.1.1
Horde Groupware 5.1.2
Horde Groupware 5.2.3
Horde Groupware 5.2.4
CVE-2016-7478 (CVSSv3 7.5)
Zend/zend_exceptions.c in PHP, possibly 5.x prior to 5.6.28 and 7.x prior to 7.0.13, allows remote malicious users to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
Php Php 5.0.0
Php Php 5.0.1
Php Php 5.0.2
Php Php 5.1.3
Php Php 5.1.4
Php Php 5.2.13
Php Php 5.2.14
Php Php 5.2.5
Php Php 5.2.6
Php Php 5.3.11
Php Php 5.3.12
Php Php 5.3.2
Php Php 5.3.20
Php Php 5.3.27
Php Php 5.3.28
Php Php 5.3.9
Php Php 5.4.0
Php Php 5.4.13
Php Php 5.4.14
Php Php 5.4.19
Php Php 5.4.2
Php Php 5.4.26
CVE-2015-7808 (score NA)
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 up to and including 5.1.9 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeAr...
Vbulletin Vbulletin 5.0.3
Vbulletin Vbulletin 5.0.4
Vbulletin Vbulletin 5.0.5
Vbulletin Vbulletin 5.1.0
Vbulletin Vbulletin 5.1.9
Vbulletin Vbulletin 5.0.0
Vbulletin Vbulletin 5.0.2
Vbulletin Vbulletin 5.1.2
Vbulletin Vbulletin 5.1.5
Vbulletin Vbulletin 5.1.7
Vbulletin Vbulletin 5.1.3
Vbulletin Vbulletin 5.1.4
Vbulletin Vbulletin 5.0.1
Vbulletin Vbulletin 5.1.1
Vbulletin Vbulletin 5.1.6
Vbulletin Vbulletin 5.1.8
2 EDB exploits
4 Github repositories
CVE-2014-2268 (score NA)
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote malicious users to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP co...
Vtiger Vtiger Crm 1.0
Vtiger Vtiger Crm 2.0
Vtiger Vtiger Crm 2.0.1
Vtiger Vtiger Crm 2.1
Vtiger Vtiger Crm 5.0.2
Vtiger Vtiger Crm 5.0.3
Vtiger Vtiger Crm 5.0.4
Vtiger Vtiger Crm 5.1.0
Vtiger Vtiger Crm 4
Vtiger Vtiger Crm 4.0
Vtiger Vtiger Crm 4.0.1
Vtiger Vtiger Crm 5.4.0
Vtiger Vtiger Crm 6.0.0
Vtiger Vtiger Crm 3.0
Vtiger Vtiger Crm 4.2
Vtiger Vtiger Crm 5.0.0
Vtiger Vtiger Crm 5.2.1
Vtiger Vtiger Crm 3.2
Vtiger Vtiger Crm 4.2.4
Vtiger Vtiger Crm 5.0.1
Vtiger Vtiger Crm 5.2.0
Vtiger Vtiger Crm 5.3.0
1 EDB exploit
CVE-2014-1691 (score NA)
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde prior to 5.1.1 allows remote malicious users to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
Horde Horde Application Framework 5.0.4
Horde Horde Application Framework 5.0.2
Horde Horde Application Framework 5.0.1
Horde Horde Application Framework 5.0.0
Horde Horde Application Framework
Horde Horde Application Framework 5.0.3
1 EDB exploit