Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
stefan esser vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-1376
The shmop functions in PHP prior to 4.4.5, and prior to 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent malicious users to read and write arbitrary memory locations via arguments associated with an inappro...
Php Php 4.0.1
Php Php 4.0.6
Php Php 4.0.7
Php Php 4.0.2
Php Php 4.0.3
Php Php 4.0
Php Php 4.0.0
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.1.0
Php Php 4.2
Php Php 4.3.0
Php Php 4.3.5
Php Php 4.3.6
Php Php 4.4.4
Php Php 4.4.5
Php Php 5.0.0
Php Php 5.0
Php Php 5.1.6
Php Php 5.2.0
Php Php 4.2.2
Php Php 4.2.3
2 EDB exploits
NA
CVE-2007-1583
The mb_parse_str function in PHP 4.0.0 up to and including 4.4.6 and 5.0.0 up to and including 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote malicious users to invoke available PHP scripts with...
Php Php 4.0.1
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.0
Php Php 4.2.1
Php Php 4.2.2
Php Php 4.3.2
Php Php 4.3.3
Php Php 4.4.1
Php Php 4.4.2
Php Php 5.0.0
Php Php 5.0.3
Php Php 5.0.4
Php Php 5.1.2
Php Php 5.1.3
Php Php 4.0.3
Php Php 4.0.7
Php Php 4.1.0
Php Php 4.1.1
Php Php 4.3.0
Php Php 4.3.1
Php Php 4.3.6
1 EDB exploit
NA
CVE-2007-1700
The session extension in PHP 4 prior to 4.4.5, and PHP 5 prior to 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent malicious users to execute arbitrary code via a craf...
Php Php 4.0.0
Php Php 4.0.1
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.0
Php Php 4.2.0
Php Php 4.2.1
Php Php 4.3.11
Php Php 4.3.2
Php Php 4.4.0
Php Php 4.4.1
Php Php 5.0.0
Php Php 5.0.4
Php Php 5.0.5
Php Php 5.0
Php Php 5.1.3
Php Php 5.1.4
Php Php 4.0.3
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.3.1
Php Php 4.3.10
1 EDB exploit
NA
CVE-2007-1521
Double free vulnerability in PHP prior to 4.4.7, and 5.x prior to 5.2.2, allows context-dependent malicious users to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violat...
Php Php
1 EDB exploit
NA
CVE-2007-1380
The php_binary serialization handler in the session extension in PHP prior to 4.4.5, and 5.x prior to 5.2.1, allows context-dependent malicious users to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buff...
Php Php 4.0
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.3.1
Php Php 4.3.10
Php Php 4.3.8
Php Php 4.3.9
Php Php 5.0.0
Php Php 5.0.2
Php Php 5.0.3
Php Php 5.0.4
Php Php 5.1.1
Php Php 5.1.2
Php Php 4.0.2
Php Php 4.0.7
Php Php 4.1.0
Php Php 4.2
Php Php 4.3.0
Php Php 4.3.6
Php Php 4.3.7
1 EDB exploit
NA
CVE-2007-1718
CRLF injection vulnerability in the mail function in PHP 4.0.0 up to and including 4.4.6 and 5.0.0 up to and including 5.2.1 allows remote malicious users to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of...
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.0.7
Php Php 4.0
Php Php 4.2.3
Php Php 4.2
Php Php 4.3.4
Php Php 4.3.5
Php Php 4.4.3
Php Php 4.4.4
Php Php 5.0.0
Php Php 5.0.5
Php Php 5.0
Php Php 5.1.4
Php Php 5.1.5
Php Php 4.0.3
Php Php 4.1.0
Php Php 4.1.1
Php Php 4.3.0
Php Php 4.3.1
Php Php 4.3.6
Php Php 4.3.7
1 EDB exploit
NA
CVE-2007-2728
The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727.
Php Php -
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 6.10
Canonical Ubuntu Linux 7.04
NA
CVE-2007-1864
Buffer overflow in the bundled libxmlrpc library in PHP prior to 4.4.7, and 5.x prior to 5.2.2, has unknown impact and remote attack vectors.
Php Php
Debian Debian Linux 3.1
Debian Debian Linux 4.0
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 6.10
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Server 5.0
NA
CVE-2004-0398
Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and previous versions, as used by cadaver prior to 0.22, allows remote WebDAV servers to execute arbitrary code on the client.
Webdav Cadaver
Webdav Neon
Debian Debian Linux 3.0
NA
CVE-2007-1888
Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x up to and including 5.x and other applications, allows context-dependent malicious users to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installat...
Php Php 4.0.1
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.0
Php Php 4.2.1
Php Php 4.2.2
Php Php 4.3.2
Php Php 4.3.3
Php Php 4.4.0
Php Php 4.4.1
Php Php 4.4.2
Php Php 5.0.0
Php Php 5.0.3
Php Php 5.0.4
Php Php 5.1.1
Php Php 5.1.2
Php Php 5.1.3
Php Php 4.0.2
Php Php 4.0.7
Php Php 4.2.3
Php Php 4.2
Php Php 4.3.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »