Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 5.0.1 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-20147
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0
6.5
CVSSv3
CVE-2018-20152
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, authors could bypass intended restrictions on post types via crafted input.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2018-20150
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5.4
CVSSv3
CVE-2018-20149
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0
5.4
CVSSv3
CVE-2018-20153
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 Github repository
NA
CVE-2015-7808
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 up to and including 5.1.9 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeAr...
Vbulletin Vbulletin 5.0.3
Vbulletin Vbulletin 5.0.4
Vbulletin Vbulletin 5.0.5
Vbulletin Vbulletin 5.1.0
Vbulletin Vbulletin 5.1.9
Vbulletin Vbulletin 5.0.0
Vbulletin Vbulletin 5.0.2
Vbulletin Vbulletin 5.1.2
Vbulletin Vbulletin 5.1.5
Vbulletin Vbulletin 5.1.7
Vbulletin Vbulletin 5.1.3
Vbulletin Vbulletin 5.1.4
Vbulletin Vbulletin 5.0.1
Vbulletin Vbulletin 5.1.1
Vbulletin Vbulletin 5.1.6
Vbulletin Vbulletin 5.1.8
2 EDB exploits
4 Github repositories
NA
CVE-2014-2268
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote malicious users to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP co...
Vtiger Vtiger Crm 1.0
Vtiger Vtiger Crm 2.0
Vtiger Vtiger Crm 2.0.1
Vtiger Vtiger Crm 2.1
Vtiger Vtiger Crm 5.0.2
Vtiger Vtiger Crm 5.0.3
Vtiger Vtiger Crm 5.0.4
Vtiger Vtiger Crm 5.1.0
Vtiger Vtiger Crm 4
Vtiger Vtiger Crm 4.0
Vtiger Vtiger Crm 4.0.1
Vtiger Vtiger Crm 5.4.0
Vtiger Vtiger Crm 6.0.0
Vtiger Vtiger Crm 3.0
Vtiger Vtiger Crm 4.2
Vtiger Vtiger Crm 5.0.0
Vtiger Vtiger Crm 5.2.1
Vtiger Vtiger Crm 3.2
Vtiger Vtiger Crm 4.2.4
Vtiger Vtiger Crm 5.0.1
Vtiger Vtiger Crm 5.2.0
Vtiger Vtiger Crm 5.3.0
1 EDB exploit
NA
CVE-2014-1691
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde prior to 5.1.1 allows remote malicious users to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
Horde Horde Application Framework 5.0.4
Horde Horde Application Framework 5.0.2
Horde Horde Application Framework 5.0.1
Horde Horde Application Framework 5.0.0
Horde Horde Application Framework
Horde Horde Application Framework 5.0.3
1 EDB exploit
NA
CVE-2013-2089
Incomplete blacklist vulnerability in ownCloud prior to 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data.
Owncloud Owncloud 5.0.0
Owncloud Owncloud 5.0.1
Owncloud Owncloud 5.0.2
Owncloud Owncloud 5.0.3
Owncloud Owncloud
Owncloud Owncloud 5.0.4
NA
CVE-2012-1171
The libxml RSHUTDOWN function in PHP 5.x allows remote malicious users to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.
Php Php 5.0.2
Php Php 5.0.3
Php Php 5.0.4
Php Php 5.0.5
Php Php 5.1.0
Php Php 5.2.14
Php Php 5.2.15
Php Php 5.2.16
Php Php 5.2.17
Php Php 5.3.13
Php Php 5.3.14
Php Php 5.3.15
Php Php 5.3.16
Php Php 5.3.4
Php Php 5.3.5
Php Php 5.3.6
Php Php 5.3.7
Php Php 5.4.14
Php Php 5.4.15
Php Php 5.4.16
Php Php 5.4.17
Php Php 5.4.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »