Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 3.0.6 vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2006-1017
The c-client library 2000, 2001, or 2004 for PHP prior to 4.4.4 and 5.x prior to 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote ma...
Php Php 3.0
Php Php 3.0.1
Php Php 3.0.17
Php Php 3.0.18
Php Php 3.0.8
Php Php 3.0.9
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.3.1
Php Php 4.3.10
Php Php 4.3.8
Php Php 4.3.9
Php Php 5.0.0
Php Php 5.0.3
Php Php 5.0.4
Php Php 5.1.3
Php Php 5.1.4
Php Php 3.0.13
Php Php 3.0.14
7.8
CVSSv2
CVE-2007-1461
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP prior to 4.4.7, and 5.x prior to 5.2.2, does not implement safemode or open_basedir checks, which allows remote malicious users to read bzip2 archives located outside of the intended directories.
Php Php 5.0.5
Php Php 5.1.1
Php Php 5.1.6
Php Php 5.2.1
Php Php 5.0.0
Php Php 5.0.1
Php Php 5.0.2
Php Php 5.0.3
Php Php 5.1.2
Php Php 5.1.3
Php Php 5.1.4
Php Php 5.1.5
Php Php 5.0.4
Php Php 5.1.0
Php Php 5.2.0
Php Php
Php Php 4.3.4
Php Php 4.3.6
Php Php 4.3.0
Php Php 4.3.8
Php Php 4.4.3
Php Php 4.0
7.8
CVSSv2
CVE-2002-2309
php.exe in PHP 3.0 up to and including 4.2.2, when running on Apache, does not terminate properly, which allows remote malicious users to cause a denial of service via a direct request without arguments.
Php Php 3.0.1
Php Php 3.0.11
Php Php 3.0.16
Php Php 3.0.18
Php Php 3.0.8
Php Php 4.0
Php Php 4.0.4
Php Php 4.0.6
Php Php 4.1.0
Php Php 4.1.2
Php Php 4.2.1
Php Php 3.0.12
Php Php 3.0.13
Php Php 3.0.14
Php Php 3.0.15
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.0.3
Php Php 4.2.2
Php Php 3.0.3
Php Php 3.0.4
Php Php 3.0.5
1 EDB exploit
7.5
CVSSv2
CVE-2020-15227
Nette versions prior to 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.
Nette Application
Debian Debian Linux 9.0
4 Github repositories
7.5
CVSSv2
CVE-2019-19919
Versions of handlebars before 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an malicious user to execute arbitrary code through crafted payloads.
Handlebars.js Project Handlebars.js 1.0.6
Handlebars.js Project Handlebars.js 1.0.7
Handlebars.js Project Handlebars.js 1.0.8
Handlebars.js Project Handlebars.js 1.0.9
Handlebars.js Project Handlebars.js 1.0.10
Handlebars.js Project Handlebars.js 1.0.11
Handlebars.js Project Handlebars.js 1.0.12
Handlebars.js Project Handlebars.js 1.1.0
Handlebars.js Project Handlebars.js 1.1.1
Handlebars.js Project Handlebars.js 1.1.2
Handlebars.js Project Handlebars.js 1.2.0
Handlebars.js Project Handlebars.js 1.2.1
Handlebars.js Project Handlebars.js 1.3.0
Handlebars.js Project Handlebars.js 2.0.0
Handlebars.js Project Handlebars.js 3.0.0
Handlebars.js Project Handlebars.js 3.0.1
Handlebars.js Project Handlebars.js 3.0.2
Handlebars.js Project Handlebars.js 3.0.3
Handlebars.js Project Handlebars.js 4.0.0
Handlebars.js Project Handlebars.js 4.0.1
Handlebars.js Project Handlebars.js 4.0.2
Handlebars.js Project Handlebars.js 4.0.3
7.5
CVSSv2
CVE-2016-2403
Symfony prior to 2.8.6 and 3.x prior to 3.0.6 allows remote malicious users to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
Sensiolabs Symfony 2.8.1
Sensiolabs Symfony 2.8.2
Sensiolabs Symfony 2.8.3
Sensiolabs Symfony 3.0.4
Sensiolabs Symfony 3.0.5
Sensiolabs Symfony 2.8.4
Sensiolabs Symfony 2.8.5
Sensiolabs Symfony 3.0.0
Sensiolabs Symfony 3.0.1
Sensiolabs Symfony 2.8.0
Sensiolabs Symfony 3.0.2
Sensiolabs Symfony 3.0.3
7.5
CVSSv2
CVE-2016-3153
SPIP 2.x prior to 2.1.19, 3.0.x prior to 3.0.22, and 3.1.x prior to 3.1.1 allows remote malicious users to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Spip Spip 3.0.0
Spip Spip 3.0.9
Spip Spip 3.0.8
Spip Spip 3.0.7
Spip Spip 2.1.6
Spip Spip 2.1.5
Spip Spip 2.1.4
Spip Spip 2.1.3
Spip Spip 2.0.8
Spip Spip 3.1.0
Spip Spip 3.0.20
Spip Spip 3.0.2
Spip Spip 3.0.14
Spip Spip 3.0.15
Spip Spip 3.0.16
Spip Spip 3.0.17
Spip Spip 2.1.15
Spip Spip 2.1.14
Spip Spip 2.1.13
Spip Spip 2.1.12
7.5
CVSSv2
CVE-2016-3154
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x prior to 2.1.19, 3.0.x prior to 3.0.22, and 3.1.x prior to 3.1.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
Spip Spip 3.0.1
Spip Spip 3.0.0
Spip Spip 3.0.9
Spip Spip 3.0.8
Spip Spip 2.1.7
Spip Spip 2.1.6
Spip Spip 2.1.5
Spip Spip 2.1.4
Spip Spip 2.0.9
Spip Spip 2.0.8
Spip Spip 2.0.7
Spip Spip 2.0.6
Spip Spip 2.0.14
Spip Spip 2.0.13
Spip Spip 2.0.12
Spip Spip 2.0.11
Spip Spip 3.1.0
Spip Spip 3.0.14
Spip Spip 3.0.15
Spip Spip 3.0.16
Spip Spip 3.0.17
Spip Spip 2.1.17
7.5
CVSSv2
CVE-2014-8350
Smarty prior to 3.1.21 allows remote malicious users to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.
Smarty Smarty 3.1.16
Smarty Smarty 3.1.15
Smarty Smarty 3.1.6
Smarty Smarty 3.1.5
Smarty Smarty 3.1.19
Smarty Smarty 3.1.18
Smarty Smarty 3.1.17
Smarty Smarty 3.1.8
Smarty Smarty 3.1.7
Smarty Smarty 3.1.10
Smarty Smarty 3.1.1
Smarty Smarty 3.0.2
Smarty Smarty 3.0.1
Smarty Smarty 3.0.0
Smarty Smarty 2.6.4
Smarty Smarty 2.6.3
Smarty Smarty 2.6.17
Smarty Smarty 2.6.16
Smarty Smarty 2.6.1
Smarty Smarty 2.6.0
Smarty Smarty 2.4.2
Smarty Smarty 2.4.1
7.5
CVSSv2
CVE-2013-4557
The Security Screen (_core_/securite/ecran_securite.php) prior to 1.1.8 for SPIP, as used in SPIP 3.0.x prior to 3.0.12, allows remote malicious users to execute arbitrary PHP via the connect parameter.
Spip Spip 3.0.0
Spip Spip 3.0.1
Spip Spip 3.0.8
Spip Spip 3.0.9
Spip Spip 3.0.4
Spip Spip 3.0.5
Spip Spip 3.0.2
Spip Spip 3.0.3
Spip Spip 3.0.10
Spip Spip 3.0.11
Spip Spip 3.0.6
Spip Spip 3.0.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »