Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 7.0.4 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-11144
In PHP prior to 5.6.31, 7.x prior to 7.0.21, and 7.1.x prior to 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative n...
Php Php 7.1.0
Php Php 7.1.6
Php Php 7.0.11
Php Php 7.0.4
Php Php 7.1.3
Php Php 7.1.5
Php Php 7.0.19
Php Php 7.0.3
Php Php 7.0.1
Php Php 7.1.2
Php Php 7.0.12
Php Php 7.0.13
Php Php 7.0.16
Php Php 7.0.7
Php Php 7.0.14
Php Php 7.0.20
Php Php 7.0.15
Php Php
Php Php 7.0.18
Php Php 7.0.2
Php Php 7.0.9
Php Php 7.0.8
7.5
CVSSv3
CVE-2016-10397
In PHP prior to 5.6.28 and 7.x prior to 7.0.13, incorrect handling of various URI components in the URL parser could be used by malicious users to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example....
Php Php 7.0.11
Php Php 7.0.4
Php Php 7.0.3
Php Php 7.0.1
Php Php 7.0.12
Php Php
Php Php 7.0.7
Php Php 7.0.2
Php Php 7.0.9
Php Php 7.0.8
Php Php 7.0.5
Php Php 7.0.10
Php Php 7.0.0
Php Php 7.0.6
7.5
CVSSv3
CVE-2016-7478
Zend/zend_exceptions.c in PHP, possibly 5.x prior to 5.6.28 and 7.x prior to 7.0.13, allows remote malicious users to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
Php Php 5.0.0
Php Php 5.0.1
Php Php 5.0.2
Php Php 5.1.3
Php Php 5.1.4
Php Php 5.2.13
Php Php 5.2.14
Php Php 5.2.5
Php Php 5.2.6
Php Php 5.3.11
Php Php 5.3.12
Php Php 5.3.2
Php Php 5.3.20
Php Php 5.3.27
Php Php 5.3.28
Php Php 5.3.9
Php Php 5.4.0
Php Php 5.4.13
Php Php 5.4.14
Php Php 5.4.19
Php Php 5.4.2
Php Php 5.4.26
7.5
CVSSv3
CVE-2016-9934
ext/wddx/wddx.c in PHP prior to 5.6.28 and 7.x prior to 7.0.13 allows remote malicious users to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.
Php Php 7.0.4
Php Php 7.0.5
Php Php
Php Php 7.0.0
Php Php 7.0.1
Php Php 7.0.8
Php Php 7.0.9
Php Php 7.0.6
Php Php 7.0.7
Php Php 7.0.2
Php Php 7.0.3
Php Php 7.0.10
Php Php 7.0.11
Php Php 7.0.12
7.1
CVSSv3
CVE-2016-3185
The make_http_soap_request function in ext/soap/php_http.c in PHP prior to 5.4.44, 5.5.x prior to 5.5.28, 5.6.x prior to 5.6.12, and 7.x prior to 7.0.4 allows remote malicious users to obtain sensitive information from process memory or cause a denial of service (type confusion a...
Php Php 5.6.1
Php Php 5.6.0
Php Php 5.6.5
Php Php 5.6.4
Php Php 5.6.6
Php Php 5.6.11
Php Php 5.6.2
Php Php 5.6.10
Php Php 5.6.7
Php Php 5.6.9
Php Php 5.6.3
Php Php 5.6.8
Php Php
Php Php 7.0.3
Php Php 7.0.1
Php Php 7.0.2
Php Php 7.0.0
Php Php 5.5.0
Php Php 5.5.19
Php Php 5.5.25
Php Php 5.5.16
Php Php 5.5.1
6.5
CVSSv3
CVE-2016-6292
The exif_process_user_comment function in ext/exif/exif.c in PHP prior to 5.5.38, 5.6.x prior to 5.6.24, and 7.x prior to 7.0.9 allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
Php Php 5.6.1
Php Php 5.6.0
Php Php 5.6.5
Php Php 7.0.4
Php Php 5.6.12
Php Php 5.6.13
Php Php 5.6.4
Php Php 7.0.3
Php Php 5.6.6
Php Php 7.0.1
Php Php 5.6.18
Php Php 5.6.11
Php Php 5.6.2
Php Php 5.6.10
Php Php
Php Php 5.6.7
Php Php 5.6.21
Php Php 5.6.15
Php Php 5.6.20
Php Php 7.0.2
Php Php 5.6.17
Php Php 5.6.16
NA
CVE-2015-4717
The filename sanitization component in ownCloud Server prior to 6.0.8, 7.0.x prior to 7.0.6, and 8.0.x prior to 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote malicious users to cause a denial of service (infinite loop and log file co...
Owncloud Owncloud 7.0.1
Owncloud Owncloud 7.0.3
Owncloud Owncloud 7.0.5
Owncloud Owncloud 8.0.0
Owncloud Owncloud 8.0.2
Owncloud Owncloud 8.0.3
Owncloud Owncloud 7.0.2
Owncloud Owncloud 7.0.4
Owncloud Owncloud
Owncloud Owncloud 7.0.0
NA
CVE-2015-3011
Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition prior to 5.0.19, 6.x prior to 6.0.7, and 7.x prior to 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact.
Owncloud Owncloud
Debian Debian Linux 7.0
NA
CVE-2015-3012
Multiple cross-site scripting (XSS) vulnerabilities in WebODF prior to 0.5.5, as used in ownCloud, allow remote malicious users to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI.
Debian Debian Linux 7.0
Kogmbh Webodf
NA
CVE-2015-3013
ownCloud Server prior to 5.0.19, 6.x prior to 6.0.7, and 7.x prior to 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file.
Owncloud Owncloud
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »