Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2020-16152
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine up to and including 10.0r8a allows malicious users to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to ...
Extremenetworks Aerohive Netconfig
Extremenetworks Aerohive Netconfig 10.0r8a
1 Metasploit module
2 Github repositories
1000
VMScore
CVE-2014-5091
A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
Status2k Status2k
1 EDB exploit
1000
VMScore
CVE-2017-17560
An issue exists on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device...
Westerndigital My Cloud Pr4100 Firmware 2.30.172
1 EDB exploit
1000
VMScore
CVE-2017-1092
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
Ibm Informix Open Admin Tool 12.1
Ibm Informix Open Admin Tool 11.7
Ibm Informix Open Admin Tool 11.5
2 EDB exploits
1000
VMScore
CVE-2017-8051
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.
Tenable Appliance 3.10.0
Tenable Appliance 4.0.0
Tenable Appliance 4.4.0
Tenable Appliance 3.5.0
Tenable Appliance 4.1.0
Tenable Appliance 4.2.0
Tenable Appliance 4.3.0
Tenable Appliance 4.3.1
Tenable Appliance 3.5.1
Tenable Appliance 3.10.1
Tenable Appliance 3.4.0
1 EDB exploit
1000
VMScore
CVE-2016-1555
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 prior to 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 prior to 3.5.5.0 allow remote malicious users to execute arbitrary comm...
Netgear Wnap320 Firmware
Netgear Wndap350 Firmware
Netgear Wndap360 Firmware
Netgear Wndap210v2 Firmware
Netgear Wn604 Firmware
Netgear Wndap660 Firmware
Netgear Wn802tv2 Firmware
2 Metasploit modules
3 Github repositories
1000
VMScore
CVE-2016-5674
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 up to and including 3.0.0, NUUO NVRsolo 1.7.5 up to and including 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 up to and including 1.4.1 allows remote malicious users to execute arbitrary PHP code via the log parameter.
Netgear Readynas Surveillance 1.4.2
Netgear Readynas Surveillance 1.4.1
Netgear Readynas Surveillance 1.1.1
Netgear Readynas Surveillance 1.1.2
Netgear Readynas Surveillance 1.3.2.14
Netgear Readynas Surveillance 1.2.0.4
Netgear Readynas Surveillance 1.3.2.4
Netgear Readynas Surveillance 1.4.0
Nuuo Nvrmini 2 3.0.0
Nuuo Nvrmini 2 2.2.1
Nuuo Nvrmini 2 2.0.0
Nuuo Nvrmini 2 1.7.6
Nuuo Nvrmini 2 1.7.5
Nuuo Nvrsolo 2.3.9.6
Nuuo Nvrsolo 2.3.7.10
Nuuo Nvrsolo 2.0.0
Nuuo Nvrsolo 1.75
Nuuo Nvrsolo 3.0.0
Nuuo Nvrsolo 2.1.5
Nuuo Nvrsolo 2.0.1
Nuuo Nvrsolo 2.3.7.9
Nuuo Nvrsolo 2.3.1.20
1 EDB exploit
1 Article
1000
VMScore
CVE-2016-5675
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 up to and including 3.0.0, NUUO NVRsolo 1.0.0 up to and including 3.0.0, NUUO Crystal 2.2.1 up to and including 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 up to and including 1.4.1 allows remote malicious users to execute arbi...
Netgear Readynas Surveillance 1.4.1
Netgear Readynas Surveillance 1.1.1
Netgear Readynas Surveillance 1.3.2.4
Netgear Readynas Surveillance 1.4.0
Netgear Readynas Surveillance 1.4.2
Netgear Readynas Surveillance 1.1.2
Netgear Readynas Surveillance 1.3.2.14
Netgear Readynas Surveillance 1.2.0.4
Nuuo Crystal 2.2.1
Nuuo Crystal 3.2.0
Nuuo Crystal 3.1.0
Nuuo Crystal 3.0.0
Nuuo Nvrsolo 1.3.0
Nuuo Nvrsolo 1.2.0
Nuuo Nvrsolo 2.3.9.6
Nuuo Nvrsolo 2.3.7.10
Nuuo Nvrsolo 2.0.0
Nuuo Nvrsolo 1.75
Nuuo Nvrsolo 1.0.1
Nuuo Nvrsolo 1.0.0
Nuuo Nvrsolo 3.0.0
Nuuo Nvrsolo 2.1.5
1 EDB exploit
1 Article
1000
VMScore
CVE-2016-5678
NUUO NVRmini 2 1.0.0 up to and including 3.0.0 and NUUO NVRsolo 1.0.0 up to and including 3.0.0 have hardcoded root credentials, which allows remote malicious users to obtain administrative access via unspecified vectors.
Nuuo Nvrmini 2 1.6.2
Nuuo Nvrmini 2 1.6.1
Nuuo Nvrmini 2 1.1.0
Nuuo Nvrmini 2 1.0.0
Nuuo Nvrmini 2 3.0.0
Nuuo Nvrmini 2 1.7.0
Nuuo Nvrmini 2 1.6.4
Nuuo Nvrmini 2 1.3.2
Nuuo Nvrmini 2 1.3.0
Nuuo Nvrmini 2 1.6.0
Nuuo Nvrmini 2 1.5.2
Nuuo Nvrmini 2 2.2.1
Nuuo Nvrmini 2 2.0.0
Nuuo Nvrmini 2 1.7.2
Nuuo Nvrmini 2 1.7.1
Nuuo Nvrmini 2 1.5.1
Nuuo Nvrmini 2 1.4.0
Nuuo Nvrmini 2 1.7.6
Nuuo Nvrmini 2 1.7.5
Nuuo Nvrsolo 1.2.0
Nuuo Nvrsolo 1.1.2
Nuuo Nvrsolo 2.3.9.6
1 EDB exploit
1 Article
1000
VMScore
CVE-2015-8617
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x prior to 7.0.1 allows remote malicious users to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handli...
Php Php 7.0.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »