Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2008-2638
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and previous versions allows remote malicious users to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.
1-script 1-book
1 EDB exploit
10
CVSSv2
CVE-2008-2480
PHP remote file inclusion vulnerability in plus.php in plusPHP Short URL Multi-User Script 1.6 allows remote malicious users to execute arbitrary PHP code via a URL in the _pages_dir parameter.
Plusphp Plusphp Short Url Multi-user Script 1.6
1 EDB exploit
10
CVSSv2
CVE-2008-2481
PHP remote file inclusion vulnerability in authentication/phpbb3/phpbb3.functions.php in phpRaider 1.0.7 and 1.0.7a, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the pConfig_auth[phpbb_path] parameter.
Phpraider Phpraider 1.0.7a
Phpraider Phpraider 1.0.7
1 EDB exploit
10
CVSSv2
CVE-2008-2345
Unspecified vulnerability in the air_filemanager 0.6.0 and previous versions extension for TYPO3 allows remote malicious users to execute arbitrary PHP code via unspecified vectors related to "insufficient file filtering."
Typo3 Air Filemanager
10
CVSSv2
CVE-2008-2192
Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote malicious users to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter.
Itcms Itcms 1.9
1 EDB exploit
10
CVSSv2
CVE-2008-2050
Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP prior to 5.2.6 has unknown impact and attack vectors.
Php Php 5.1.5
Php Php 5.1.2
Php Php 5.1.1
Php Php 5.0.0
Php Php 5.1.6
Php Php 5.2.2
Php Php 5.0.5
Php Php 5.0.1
Php Php 5.1.4
Php Php 5.0.4
Php Php 5.2.3
Php Php 5.0.3
Php Php 5.1.0
Php Php
Php Php 5.2.0
Php Php 5.2.4
Php Php 5.1.3
Php Php 5.0.2
Php Php 5.2.1
10
CVSSv2
CVE-2008-2051
The escapeshellcmd API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
Php Php 5.1.5
Php Php 5.1.2
Php Php 5.1.1
Php Php 5.0.0
Php Php 5.1.6
Php Php 5.2.2
Php Php 5.0.5
Php Php 5.0.1
Php Php 5.1.4
Php Php 5.0.4
Php Php 5.2.3
Php Php 5.0.3
Php Php 5.1.0
Php Php
Php Php 5.2.0
Php Php 5.2.4
Php Php 5.1.3
Php Php 5.0.2
Php Php 5.2.1
10
CVSSv2
CVE-2008-0599
The init_request_info function in sapi/cgi/cgi_main.c in PHP prior to 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote malicious users to execute arbitrary code via a crafted URI.
Php Php
Fedoraproject Fedora 9
Fedoraproject Fedora 8
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Apple Mac Os X Server
Apple Mac Os X
10
CVSSv2
CVE-2008-1989
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the e107path parameter.
E107 E107
123flashchat 123 Flash Chat Module 6.8.0
1 EDB exploit
10
CVSSv2
CVE-2008-0743
PHP remote file inclusion vulnerability in members_help.php in Joovili 2.1 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the hlp parameter.
Joovili Joovili
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »