Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 5.3.3 vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2012-0057
PHP prior to 5.3.9 has improper libxslt security settings, which allows remote malicious users to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
Php Php
Php Php 5.2.9
Php Php 5.1.5
Php Php 5.3.6
Php Php 5.1.2
Php Php 5.3.1
Php Php 5.1.1
Php Php 5.2.14
Php Php 5.0.0
Php Php 5.1.6
Php Php 5.2.16
Php Php 5.2.7
Php Php 5.2.2
Php Php 5.0.5
Php Php 5.0.1
Php Php 5.1.4
Php Php 5.2.5
Php Php 5.0.4
Php Php 5.2.12
Php Php 5.2.11
Php Php 5.2.6
Php Php 5.2.17
570
VMScore
CVE-2011-4566
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote malicious users to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF head...
Php Php 5.4.0
Php Php
Debian Debian Linux 5.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
561
VMScore
CVE-2011-0441
The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/.
Php Php 5.3.5
520
VMScore
CVE-2012-2336
sapi/cgi/cgi_main.c in PHP prior to 5.3.13 and 5.4.x prior to 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote malicious users to cause a denial of service (resource consumptio...
Php Php 4.3.9
Php Php 4.4.9
Php Php 3.0
Php Php 5.2.9
Php Php 4.0
Php Php 3.0.5
Php Php 3.0.11
Php Php 5.3.10
Php Php 5.1.5
Php Php 5.3.6
Php Php 5.3.9
Php Php 5.1.2
Php Php 5.3.1
Php Php 4.2.0
Php Php 5.1.1
Php Php 3.0.1
Php Php 5.2.14
Php Php 3.0.2
Php Php 4.4.4
Php Php 5.0.0
Php Php 4.1.0
Php Php 5.1.6
4 EDB exploits
516
VMScore
CVE-2012-1172
The file-upload implementation in rfc1867.c in PHP prior to 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote malicious users to cause a denial of service (malformed $_FILES indexes) or conduct directory tra...
Php Php 5.2.9
Php Php 5.1.5
Php Php 5.3.6
Php Php 5.3.9
Php Php 5.1.2
Php Php 5.3.1
Php Php 5.1.1
Php Php 5.2.14
Php Php 5.0.0
Php Php 5.1.6
Php Php 5.2.16
Php Php 5.3.8
Php Php 5.2.7
Php Php 5.2.2
Php Php 5.0.5
Php Php 5.0.1
Php Php 5.1.4
Php Php 5.2.5
Php Php 5.0.4
Php Php 5.2.12
Php Php
Php Php 5.2.11
515
VMScore
CVE-2011-4885
PHP prior to 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote malicious users to cause a denial of service (CPU consumption) by sending many crafted parameters.
Php Php
Php Php 5.2.9
Php Php 5.1.5
Php Php 5.3.6
Php Php 5.1.2
Php Php 5.3.1
Php Php 5.1.1
Php Php 5.2.14
Php Php 5.0.0
Php Php 5.1.6
Php Php 5.2.16
Php Php 5.2.7
Php Php 5.2.2
Php Php 5.0.5
Php Php 5.0.1
Php Php 5.1.4
Php Php 5.2.5
Php Php 5.0.4
Php Php 5.2.12
Php Php 5.2.11
Php Php 5.2.6
Php Php 5.2.17
3 EDB exploits
510
VMScore
CVE-2011-0420
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent malicious users to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.
Php Php 5.3.5
2 EDB exploits
505
VMScore
CVE-2012-0788
The PDORow implementation in PHP prior to 5.3.9 does not properly interact with the session feature, which allows remote malicious users to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start ...
Php Php
Php Php 5.2.9
Php Php 5.1.5
Php Php 5.3.6
Php Php 5.1.2
Php Php 5.3.1
Php Php 5.1.1
Php Php 5.2.14
Php Php 5.0.0
Php Php 5.1.6
Php Php 5.2.16
Php Php 5.2.7
Php Php 5.2.2
Php Php 5.0.5
Php Php 5.0.1
Php Php 5.1.4
Php Php 5.2.5
Php Php 5.0.4
Php Php 5.2.12
Php Php 5.2.11
Php Php 5.2.6
Php Php 5.2.17
1 EDB exploit
505
VMScore
CVE-2012-0789
Memory leak in the timezone functionality in PHP prior to 5.3.9 allows remote malicious users to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.
Php Php
Php Php 5.2.9
Php Php 5.1.5
Php Php 5.3.6
Php Php 5.1.2
Php Php 5.3.1
Php Php 5.1.1
Php Php 5.2.14
Php Php 5.0.0
Php Php 5.1.6
Php Php 5.2.16
Php Php 5.2.7
Php Php 5.2.2
Php Php 5.0.5
Php Php 5.0.1
Php Php 5.1.4
Php Php 5.2.5
Php Php 5.0.4
Php Php 5.2.12
Php Php 5.2.11
Php Php 5.2.6
Php Php 5.2.17
1 EDB exploit
505
VMScore
CVE-2012-0781
The tidy_diagnose function in PHP 5.3.8 might allow remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerab...
Php Php 5.3.8
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »