Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 5.0 vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2020-10580
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) up to and including 5.0 allows remote authenticated malicious users to execute arbitrary PHP code on the server as the user running the application.
Invigo Automatic Device Management
785
VMScore
CVE-2011-3336
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
Freebsd Freebsd 8.2
Apple Mac Os X
Openbsd Openbsd 5.0
Php Php
1 EDB exploit
445
VMScore
CVE-2010-4657
PHP5 prior to 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.
Php Php
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 5.0
Debian Debian Linux 8.0
668
VMScore
CVE-2015-8980
The plural form formula in ngettext family of calls in php-gettext prior to 1.0.12 allows remote malicious users to execute arbitrary code.
Php-gettext Project Php-gettext
Opensuse Leap 42.2
Opensuse Leap 42.1
Redhat Enterprise Linux 5.0
Fedoraproject Fedora 24
668
VMScore
CVE-2019-14746
A issue exists in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
Kuaifan Kuaifancms 5.0
662
VMScore
CVE-2019-8942
WordPress prior to 4.9.9 and 5.x prior to 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by upl...
Wordpress Wordpress
Wordpress Wordpress 5.0
Debian Debian Linux 9.0
2 EDB exploits
7 Github repositories
490
VMScore
CVE-2018-20147
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
446
VMScore
CVE-2018-20151
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was...
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
312
VMScore
CVE-2018-20153
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 Github repository
312
VMScore
CVE-2018-20149
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »