Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 3.0.2 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-6868
Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter.
Groupon Clone Script Project Groupon Clone Script 3.0.2
9.8
CVSSv3
CVE-2016-2403
Symfony prior to 2.8.6 and 3.x prior to 3.0.6 allows remote malicious users to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
Sensiolabs Symfony 2.8.1
Sensiolabs Symfony 2.8.2
Sensiolabs Symfony 2.8.3
Sensiolabs Symfony 3.0.4
Sensiolabs Symfony 3.0.5
Sensiolabs Symfony 2.8.4
Sensiolabs Symfony 2.8.5
Sensiolabs Symfony 3.0.0
Sensiolabs Symfony 3.0.1
Sensiolabs Symfony 2.8.0
Sensiolabs Symfony 3.0.2
Sensiolabs Symfony 3.0.3
9.8
CVSSv3
CVE-2016-3153
SPIP 2.x prior to 2.1.19, 3.0.x prior to 3.0.22, and 3.1.x prior to 3.1.1 allows remote malicious users to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Spip Spip 3.0.0
Spip Spip 3.0.9
Spip Spip 3.0.8
Spip Spip 3.0.7
Spip Spip 2.1.6
Spip Spip 2.1.5
Spip Spip 2.1.4
Spip Spip 2.1.3
Spip Spip 2.0.8
Spip Spip 3.1.0
Spip Spip 3.0.20
Spip Spip 3.0.2
Spip Spip 3.0.14
Spip Spip 3.0.15
Spip Spip 3.0.16
Spip Spip 3.0.17
Spip Spip 2.1.15
Spip Spip 2.1.14
Spip Spip 2.1.13
Spip Spip 2.1.12
9.8
CVSSv3
CVE-2016-3154
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x prior to 2.1.19, 3.0.x prior to 3.0.22, and 3.1.x prior to 3.1.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
Spip Spip 3.0.1
Spip Spip 3.0.0
Spip Spip 3.0.9
Spip Spip 3.0.8
Spip Spip 2.1.7
Spip Spip 2.1.6
Spip Spip 2.1.5
Spip Spip 2.1.4
Spip Spip 2.0.9
Spip Spip 2.0.8
Spip Spip 2.0.7
Spip Spip 2.0.6
Spip Spip 2.0.14
Spip Spip 2.0.13
Spip Spip 2.0.12
Spip Spip 2.0.11
Spip Spip 3.1.0
Spip Spip 3.0.14
Spip Spip 3.0.15
Spip Spip 3.0.16
Spip Spip 3.0.17
Spip Spip 2.1.17
NA
CVE-2015-8562
Joomla! 1.5.x, 2.x, and 3.x prior to 3.4.6 allow remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
Joomla Joomla\\! 1.5.0
Joomla Joomla\\! 1.5.9
Joomla Joomla\\! 1.5.10
Joomla Joomla\\! 1.5.17
Joomla Joomla\\! 1.5.18
Joomla Joomla\\! 1.5.25
Joomla Joomla\\! 1.5.26
Joomla Joomla\\! 1.6.0
Joomla Joomla\\! 1.7.0
Joomla Joomla\\! 1.7.1
Joomla Joomla\\! 2.5.2
Joomla Joomla\\! 2.5.3
Joomla Joomla\\! 2.5.11
Joomla Joomla\\! 2.5.12
Joomla Joomla\\! 2.5.19
Joomla Joomla\\! 2.5.20
Joomla Joomla\\! 2.5.27
Joomla Joomla\\! 2.5.28
Joomla Joomla\\! 3.1.3
Joomla Joomla\\! 3.1.4
Joomla Joomla\\! 3.2.4
Joomla Joomla\\! 3.3.0
2 EDB exploits
20 Github repositories
NA
CVE-2015-5646
Cybozu Garoon 3.x up to and including 3.7.5 and 4.x up to and including 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.
Cybozu Garoon 3.0.0
Cybozu Garoon 3.7.0
Cybozu Garoon 3.7.1
Cybozu Garoon 3.7.2
Cybozu Garoon 3.7.3
Cybozu Garoon 3.0.1
Cybozu Garoon 3.0.3
Cybozu Garoon 3.1.1
Cybozu Garoon 3.5.2
Cybozu Garoon 3.5.4
Cybozu Garoon 3.7.5
Cybozu Garoon 4.0.1
Cybozu Garoon 3.1.2
Cybozu Garoon 3.1.3
Cybozu Garoon 3.5.0
Cybozu Garoon 3.5.1
Cybozu Garoon 4.0.2
Cybozu Garoon 4.0.3
Cybozu Garoon 3.0.2
Cybozu Garoon 3.1.0
Cybozu Garoon 3.5.3
Cybozu Garoon 3.5.5
NA
CVE-2015-5647
The RSS Reader component in Cybozu Garoon 3.x up to and including 3.7.5 and 4.x up to and including 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.
Cybozu Garoon 3.1.2
Cybozu Garoon 3.1.3
Cybozu Garoon 3.5.0
Cybozu Garoon 3.5.1
Cybozu Garoon 4.0.2
Cybozu Garoon 4.0.3
Cybozu Garoon 3.0.1
Cybozu Garoon 3.0.3
Cybozu Garoon 3.1.1
Cybozu Garoon 3.5.2
Cybozu Garoon 3.5.4
Cybozu Garoon 3.7.5
Cybozu Garoon 4.0.1
Cybozu Garoon 3.0.0
Cybozu Garoon 3.7.0
Cybozu Garoon 3.7.1
Cybozu Garoon 3.7.2
Cybozu Garoon 3.7.3
Cybozu Garoon 3.0.2
Cybozu Garoon 3.1.0
Cybozu Garoon 3.5.3
Cybozu Garoon 3.5.5
NA
CVE-2014-8350
Smarty prior to 3.1.21 allows remote malicious users to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.
Smarty Smarty 3.1.16
Smarty Smarty 3.1.15
Smarty Smarty 3.1.6
Smarty Smarty 3.1.5
Smarty Smarty 3.1.19
Smarty Smarty 3.1.18
Smarty Smarty 3.1.17
Smarty Smarty 3.1.8
Smarty Smarty 3.1.7
Smarty Smarty 3.1.10
Smarty Smarty 3.1.1
Smarty Smarty 3.0.2
Smarty Smarty 3.0.1
Smarty Smarty 3.0.0
Smarty Smarty 2.6.4
Smarty Smarty 2.6.3
Smarty Smarty 2.6.17
Smarty Smarty 2.6.16
Smarty Smarty 2.6.1
Smarty Smarty 2.6.0
Smarty Smarty 2.4.2
Smarty Smarty 2.4.1
NA
CVE-2014-2044
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud prior to 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) synt...
Owncloud Owncloud 4.5.7
Owncloud Owncloud 4.5.6
Owncloud Owncloud 4.5.5
Owncloud Owncloud 4.5.10
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.10
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.5.4
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.0.9
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.16
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.5.2
Owncloud Owncloud
Owncloud Owncloud 4.0.8
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.15
1 EDB exploit
NA
CVE-2013-7344
Unspecified vulnerability in core/settings.php in ownCloud prior to 4.0.12 and 4.5.x prior to 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions.
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.5
Owncloud Owncloud 4.0.10
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.9
Owncloud Owncloud 3.0.1
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.5.4
Owncloud Owncloud 3.0.0
Owncloud Owncloud 4.0.1
Owncloud Owncloud
Owncloud Owncloud 4.0.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »