Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 3.0.2 vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-6868
Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter.
Groupon Clone Script Project Groupon Clone Script 3.0.2
7.5
CVSSv2
CVE-2016-2403
Symfony prior to 2.8.6 and 3.x prior to 3.0.6 allows remote malicious users to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
Sensiolabs Symfony 3.0.5
Sensiolabs Symfony 3.0.2
Sensiolabs Symfony 2.8.0
Sensiolabs Symfony 2.8.4
Sensiolabs Symfony 2.8.3
Sensiolabs Symfony 3.0.1
Sensiolabs Symfony 2.8.1
Sensiolabs Symfony 3.0.0
Sensiolabs Symfony 2.8.5
Sensiolabs Symfony 3.0.3
Sensiolabs Symfony 3.0.4
Sensiolabs Symfony 2.8.2
7.5
CVSSv2
CVE-2016-3153
SPIP 2.x prior to 2.1.19, 3.0.x prior to 3.0.22, and 3.1.x prior to 3.1.1 allows remote malicious users to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Spip Spip 2.1.15
Spip Spip 3.0.3
Spip Spip 2.1.8
Spip Spip 2.0.0
Spip Spip 2.0.3
Spip Spip 2.0.6
Spip Spip 2.0.10
Spip Spip 3.0.8
Spip Spip 3.0.19
Spip Spip 2.1.17
Spip Spip 2.0.19
Spip Spip 2.1.4
Spip Spip 3.0.4
Spip Spip 3.0.7
Spip Spip 2.0.12
Spip Spip 2.1.2
Spip Spip 2.0.16
Spip Spip 2.1.18
Spip Spip 2.1.5
Spip Spip 2.1.13
7.5
CVSSv2
CVE-2016-3154
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x prior to 2.1.19, 3.0.x prior to 3.0.22, and 3.1.x prior to 3.1.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
Spip Spip 2.1.15
Spip Spip 3.0.3
Spip Spip 2.1.8
Spip Spip 2.0.0
Spip Spip 2.0.3
Spip Spip 2.0.6
Spip Spip 2.0.10
Spip Spip 3.0.8
Spip Spip 3.0.19
Spip Spip 2.1.17
Spip Spip 2.0.19
Spip Spip 2.1.4
Spip Spip 3.0.4
Spip Spip 3.0.7
Spip Spip 2.1.19
Spip Spip 2.0.12
Spip Spip 2.1.2
Spip Spip 2.0.16
Spip Spip 2.1.18
Spip Spip 2.1.5
Spip Spip 2.1.13
Spip Spip 2.1.16
7.5
CVSSv2
CVE-2015-8562
Joomla! 1.5.x, 2.x, and 3.x prior to 3.4.6 allow remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
Joomla Joomla! 1.6.4
Joomla Joomla! 2.5.19
Joomla Joomla! 2.5.7
Joomla Joomla! 2.5.17
Joomla Joomla! 1.5.24
Joomla Joomla! 3.1.4
Joomla Joomla! 3.1.3
Joomla Joomla! 1.7.1
Joomla Joomla! 3.3.3
Joomla Joomla! 2.5.25
Joomla Joomla! 1.5.26
Joomla Joomla! 1.5.11
Joomla Joomla! 3.2.1
Joomla Joomla! 1.5.25
Joomla Joomla! 1.6.3
Joomla Joomla! 1.5.13
Joomla Joomla! 2.5.22
Joomla Joomla! 3.4.4
Joomla Joomla! 1.5.3
Joomla Joomla! 3.4.2
Joomla Joomla! 3.3.4
Joomla Joomla! 2.5.8
2 EDB exploits
20 Github repositories
8.5
CVSSv2
CVE-2015-5646
Cybozu Garoon 3.x up to and including 3.7.5 and 4.x up to and including 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.
Cybozu Garoon 3.0.2
Cybozu Garoon 3.5.5
Cybozu Garoon 4.0.3
Cybozu Garoon 3.5.1
Cybozu Garoon 4.0.0
Cybozu Garoon 3.1.1
Cybozu Garoon 3.7.4
Cybozu Garoon 3.7.2
Cybozu Garoon 3.5.3
Cybozu Garoon 3.0.0
Cybozu Garoon 3.5.0
Cybozu Garoon 3.0.3
Cybozu Garoon 3.7.0
Cybozu Garoon 3.1.0
Cybozu Garoon 3.5.2
Cybozu Garoon 4.0.1
Cybozu Garoon 3.7.5
Cybozu Garoon 3.1.3
Cybozu Garoon 4.0.2
Cybozu Garoon 3.0.1
Cybozu Garoon 3.7.1
Cybozu Garoon 3.1.2
8.5
CVSSv2
CVE-2015-5647
The RSS Reader component in Cybozu Garoon 3.x up to and including 3.7.5 and 4.x up to and including 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.
Cybozu Garoon 3.0.2
Cybozu Garoon 3.5.5
Cybozu Garoon 4.0.3
Cybozu Garoon 3.5.1
Cybozu Garoon 4.0.0
Cybozu Garoon 3.1.1
Cybozu Garoon 3.7.4
Cybozu Garoon 3.7.2
Cybozu Garoon 3.5.3
Cybozu Garoon 3.0.0
Cybozu Garoon 3.5.0
Cybozu Garoon 3.0.3
Cybozu Garoon 3.7.0
Cybozu Garoon 3.1.0
Cybozu Garoon 3.5.2
Cybozu Garoon 4.0.1
Cybozu Garoon 3.7.5
Cybozu Garoon 3.1.3
Cybozu Garoon 4.0.2
Cybozu Garoon 3.0.1
Cybozu Garoon 3.7.1
Cybozu Garoon 3.1.2
7.5
CVSSv2
CVE-2014-8350
Smarty prior to 3.1.21 allows remote malicious users to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.
Smarty Smarty 1.4.3
Smarty Smarty 1.0
Smarty Smarty 1.0b
Smarty Smarty 2.3.1
Smarty Smarty 3.0.0
Smarty Smarty 2.6.0
Smarty Smarty 2.6.25
Smarty Smarty 3.0.5
Smarty Smarty 1.4.0
Smarty Smarty 1.4.5
Smarty Smarty 2.6.1
Smarty Smarty 2.6.7
Smarty Smarty 2.6.20
Smarty Smarty 2.3.0
Smarty Smarty 1.0a
Smarty Smarty 1.1.0
Smarty Smarty 2.6.15
Smarty Smarty 2.6.3
Smarty Smarty 2.6.14
Smarty Smarty 3.1.1
Smarty Smarty 2.5.0
Smarty Smarty 1.2.1
7.5
CVSSv2
CVE-2014-2044
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud prior to 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) synt...
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.0
Owncloud Owncloud
Owncloud Owncloud 4.5.12
Owncloud Owncloud 4.0.11
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.0.13
Owncloud Owncloud 4.5.11
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.0.10
Owncloud Owncloud 4.5.7
Owncloud Owncloud 4.5.9
Owncloud Owncloud 4.0.14
Owncloud Owncloud 4.0.8
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.16
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.0.2
Owncloud Owncloud 3.0.0
1 EDB exploit
6.5
CVSSv2
CVE-2013-7344
Unspecified vulnerability in core/settings.php in ownCloud prior to 4.0.12 and 4.5.x prior to 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions.
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.0
Owncloud Owncloud
Owncloud Owncloud 4.5.1
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.0.10
Owncloud Owncloud 4.0.8
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.0.2
Owncloud Owncloud 3.0.0
Owncloud Owncloud 3.0.2
Owncloud Owncloud 4.0.9
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.5.4
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.5
Owncloud Owncloud 3.0.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »