Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 5.1.0 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-2497
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated malicious users to ex...
Userproplugin Userpro
7.5
CVSSv3
CVE-2018-19784
The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for malicious users to calculate the authorization data needed for local file inclusion.
Php-proxy Php-proxy 5.1.0
7.5
CVSSv3
CVE-2018-19246
PHP-Proxy 5.1.0 allows remote malicious users to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default confi...
Php-proxy Php-proxy 5.1.0
1 EDB exploit
2 Github repositories
7.5
CVSSv3
CVE-2017-7414
In Horde_Crypt prior to 2.7.6, as used in Horde Groupware Webmail Edition 5.x up to and including 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically veri...
Horde Groupware 5.0.2
Horde Groupware 5.1.5
Horde Groupware 5.1.1
Horde Groupware 5.0.0
Horde Groupware 5.1.0
Horde Groupware 5.2.0
Horde Groupware 5.2.1
Horde Groupware 5.2.5
Horde Groupware 5.2.2
Horde Groupware 5.0.5
Horde Groupware 5.1.3
Horde Groupware 5.1.2
Horde Groupware 5.2.3
Horde Groupware 5.1.4
Horde Groupware 5.2.4
Horde Groupware 5.0.4
Horde Groupware 5.0.3
Horde Groupware 5.2.6
Horde Groupware 5.0.1
Horde Groupware 5.2.7
7.5
CVSSv3
CVE-2016-7478
Zend/zend_exceptions.c in PHP, possibly 5.x prior to 5.6.28 and 7.x prior to 7.0.13, allows remote malicious users to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
Php Php 5.6.1
Php Php 5.5.36
Php Php 5.5.0
Php Php 5.6.0
Php Php 5.5.34
Php Php 5.2.9
Php Php 5.4.12
Php Php 5.3.10
Php Php 7.0.11
Php Php 5.3.27
Php Php 5.1.5
Php Php 5.5.19
Php Php 7.0.4
Php Php 5.4.15
Php Php 5.6.12
Php Php 5.5.25
Php Php 5.3.6
Php Php 5.6.26
Php Php 5.3.9
Php Php 5.1.2
Php Php 5.6.24
Php Php 5.4.44
6.1
CVSSv3
CVE-2018-19785
PHP-Proxy up to and including 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php.
Php-proxy Php-proxy
NA
CVE-2015-7808
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 up to and including 5.1.9 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeAr...
Vbulletin Vbulletin 5.0.0
Vbulletin Vbulletin 5.1.8
Vbulletin Vbulletin 5.0.5
Vbulletin Vbulletin 5.1.2
Vbulletin Vbulletin 5.1.0
Vbulletin Vbulletin 5.1.6
Vbulletin Vbulletin 5.1.7
Vbulletin Vbulletin 5.1.3
Vbulletin Vbulletin 5.0.3
Vbulletin Vbulletin 5.0.2
Vbulletin Vbulletin 5.1.9
Vbulletin Vbulletin 5.1.5
Vbulletin Vbulletin 5.0.1
Vbulletin Vbulletin 5.1.4
Vbulletin Vbulletin 5.1.1
Vbulletin Vbulletin 5.0.4
2 EDB exploits
4 Github repositories
NA
CVE-2014-2268
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote malicious users to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP co...
Vtiger Vtiger Crm 5.0.3
Vtiger Vtiger Crm 5.0.1
Vtiger Vtiger Crm 5.3.0
Vtiger Vtiger Crm 5.1.0
Vtiger Vtiger Crm 5.2.0
Vtiger Vtiger Crm 2.0.1
Vtiger Vtiger Crm 2.0
Vtiger Vtiger Crm 4.2
Vtiger Vtiger Crm 5.0.4
Vtiger Vtiger Crm 6.0.0
Vtiger Vtiger Crm 5.4.0
Vtiger Vtiger Crm 2.1
Vtiger Vtiger Crm 4
Vtiger Vtiger Crm 4.0
Vtiger Vtiger Crm 3.0
Vtiger Vtiger Crm 5.0.0
Vtiger Vtiger Crm 5.0.2
Vtiger Vtiger Crm 3.2
Vtiger Vtiger Crm 1.0
Vtiger Vtiger Crm 4.2.4
Vtiger Vtiger Crm 5.2.1
Vtiger Vtiger Crm 4.0.1
1 EDB exploit
NA
CVE-2012-1171
The libxml RSHUTDOWN function in PHP 5.x allows remote malicious users to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.
Php Php 5.5.0
Php Php 5.2.9
Php Php 5.4.12
Php Php 5.3.10
Php Php 5.3.27
Php Php 5.1.5
Php Php 5.4.15
Php Php 5.3.6
Php Php 5.3.9
Php Php 5.1.2
Php Php 5.3.1
Php Php 5.1.1
Php Php 5.3.18
Php Php 5.4.19
Php Php 5.2.14
Php Php 5.0.0
Php Php 5.1.6
Php Php 5.2.16
Php Php 5.5.1
Php Php 5.3.24
Php Php 5.3.15
Php Php 5.3.8
NA
CVE-2011-4718
Session fixation vulnerability in the Sessions subsystem in PHP prior to 5.5.2 allows remote malicious users to hijack web sessions by specifying a session ID.
Php Php 5.5.0
Php Php 5.2.9
Php Php 5.4.12
Php Php 5.3.10
Php Php 5.3.27
Php Php 5.1.5
Php Php 5.4.15
Php Php 5.3.6
Php Php 5.3.9
Php Php 5.1.2
Php Php 5.3.1
Php Php 5.1.1
Php Php 5.3.18
Php Php 5.2.14
Php Php 5.0.0
Php Php 5.1.6
Php Php 5.2.16
Php Php 5.3.24
Php Php 5.3.15
Php Php 5.3.8
Php Php 5.2.7
Php Php 5.2.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »