Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php web scripts vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2006-4060
PHP remote file inclusion vulnerability in calendar.php in Visual Events Calendar 1.1 allows remote malicious users to execute arbitrary PHP code via a URL in the cfg_dir parameter.
Web-scripts Visual Events Calendar 1.1
1 EDB exploit
5
CVSSv2
CVE-2005-4880
Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfi...
Jax Scripts Jax Guestbook 3.3.1
Jax Scripts Jax Guestbook 3.1
4 EDB exploits
7.5
CVSSv2
CVE-2006-1478
Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the ...
Turnkey Web Tools Php Live Helper 1.8
4.3
CVSSv2
CVE-2008-6562
Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack (tR) Jax LinkLists 1.00 allows remote malicious users to inject arbitrary web script or HTML via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...
Jax Scripts Jax Linklists 1.00
2 EDB exploits
7.5
CVSSv2
CVE-2007-2988
A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote malicious users to inject arbitrary PHP code, as demonstrated by a request to admin/create_engine.php followed...
Inout Scripts Inout Meta Search Engine
1 EDB exploit
7.5
CVSSv2
CVE-2012-2311
sapi/cgi/cgi_main.c in PHP prior to 5.3.13 and 5.4.x prior to 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote malicious users to execute arbitrary code b...
Php Php 4.3.9
Php Php 4.4.9
Php Php 3.0
Php Php 5.2.9
Php Php 4.0
Php Php 3.0.5
Php Php 3.0.11
Php Php 5.3.10
Php Php 5.1.5
Php Php 5.3.6
Php Php 5.3.9
Php Php 5.1.2
Php Php 5.3.1
Php Php 4.2.0
Php Php 5.1.1
Php Php 3.0.1
Php Php 5.2.14
Php Php 3.0.2
Php Php 4.4.4
Php Php 5.0.0
Php Php 4.1.0
Php Php 5.1.6
4 EDB exploits
2 Github repositories
4.6
CVSSv2
CVE-2006-4020
scanf.c in PHP 5.1.4 and previous versions, and 4.4.3 and previous versions, allows context-dependent malicious users to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer...
Php Php 4.3.9
Php Php 4.0
Php Php 5.1.2
Php Php 4.2.0
Php Php 5.1.1
Php Php 5.0.0
Php Php 4.1.0
Php Php 4.3.4
Php Php 4.0.4
Php Php 4.3.0
Php Php 4.0.5
Php Php 5.0
Php Php 5.0.5
Php Php 4.3.6
Php Php 5.0.1
Php Php 5.1.4
Php Php 4.0.7
Php Php 4.3.7
Php Php 5.0.4
Php Php 4.2.2
Php Php 4.4.2
Php Php 4.3.2
1 EDB exploit
10
CVSSv2
CVE-2012-0299
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x prior to 5.0.3 allow remote malicious users to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.
Symantec Web Gateway 5.0.2
Symantec Web Gateway 5.0.1
Symantec Web Gateway 5.0
1 EDB exploit
2.6
CVSSv2
CVE-2006-4484
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP prior to 5.1.5 allows remote malicious users to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing t...
Php Php 5.1.4
Php Php 5.1.0
Php Php 5.1.1
Php Php 5.1.2
7.2
CVSSv2
CVE-2006-4481
The (1) file_exists and (2) imap_reopen functions in PHP prior to 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CV...
Php Php 5.1.1
Php Php 5.1.2
Php Php 5.1.4
Php Php 5.1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »