Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 5.1.0 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2008-2666
Multiple directory traversal vulnerabilities in PHP 5.2.6 and previous versions allow context-dependent malicious users to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir ...
Php Php 5.0.0
Php Php 5.0.1
Php Php 5.1.0
Php Php 5.1.1
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.0.2
Php Php 5.0.3
Php Php 5.1.2
Php Php 5.1.3
Php Php 5.2.3
Php Php 5.2.4
Php Php 5.0
Php Php 5.1.6
Php Php 5.2.0
Php Php 5.0.4
Php Php 5.0.5
Php Php 5.1.4
Php Php 5.1.5
Php Php 5.2.5
Php Php
1 EDB exploit
5
CVSSv2
CVE-2008-5498
Array index error in the imageRotate function in PHP 5.2.8 and previous versions allows context-dependent malicious users to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.
Php Php 5.1.3
Php Php 5.1.2
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.0
Php Php 5.0.2
Php Php 5.0.1
Php Php 5.0.0
Php Php 5.2.6
Php Php 5.2.5
Php Php 5.1.6
Php Php 5.2.0
Php Php 5.0.4
Php Php 5.0.3
Php Php
Php Php 5.1.1
Php Php 5.1.0
Php Php 5.0.5
Php Php 5
Php Php 5.2.7
Php Php 5.2.4
Php Php 5.2.3
1 EDB exploit
5
CVSSv2
CVE-2009-4418
The unserialize function in PHP 5.3.0 and previous versions allows context-dependent malicious users to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.
Php Php 5.2.11
Php Php 5.2.7
Php Php 5.2.9
Php Php 5.1.2
Php Php 5.0.0
Php Php 5.0.2
Php Php 5.2.4
Php Php 5.2.3
Php Php 5.0
Php Php 5.1.1
Php Php 5.2.1
Php Php 5.2.2
Php Php 5
Php Php 5.2.10
Php Php 5.2.6
Php Php 5.2.8
Php Php 5.1.0
Php Php 5.0.5
Php Php 5.0.4
Php Php 5.1.6
Php Php 5.2.0
Php Php 5.2.5
5
CVSSv2
CVE-2010-1130
session.c in the session extension in PHP prior to 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent malicious users to bypass open_basedir and safe_mode restrictions via an ar...
Php Php 5.2.3
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.3.1
Php Php 5.0.0
Php Php 5.2.13
Php Php 5.2.11
Php Php 5.2.5
Php Php 5.2.0
Php Php 5.1.6
Php Php 5.1.4
Php Php 5.1.5
Php Php 5.0.5
Php Php 5.2.9
Php Php 5.2.4
Php Php 5.2.8
Php Php 5.1.0
Php Php 5.1.2
Php Php 5.0.4
Php Php 5.0.2
Php Php
Php Php 5.2.10
1 EDB exploit
9.3
CVSSv2
CVE-2007-1581
The resource system in PHP 5.0.0 up to and including 5.2.1 allows context-dependent malicious users to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resou...
Php Php 5.0.0
Php Php 5.0.1
Php Php 5.0
Php Php 5.1.0
Php Php 5.2.0
Php Php 5.2.1
Php Php 5.2.8
Php Php 5.2.9
Php Php 5.0.4
Php Php 5.0.5
Php Php 5.1.3
Php Php 5.1.4
Php Php 5.2.4
Php Php 5.2.5
Php Php 5.2.12
Php Php 5.2.13
Php Php 5.0.2
Php Php 5.0.3
Php Php 5.1.1
Php Php 5.1.2
Php Php 5.2.2
Php Php 5.2.3
1 EDB exploit
10
CVSSv2
CVE-2006-4812
Integer overflow in PHP 5 up to 5.1.6 and 4 prior to 4.3.0 allows remote malicious users to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function ...
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.1.1
Php Php 4.1.2
Php Php 5.0.1
Php Php 5.0.2
Php Php 5.0.3
Php Php 5.1.1
Php Php 5.1.2
Php Php 4.0.3
Php Php 4.0.7
Php Php 4.1.0
Php Php 4.2
Php Php 5.0.0
Php Php 5.0
Php Php 5.1.0
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.2.2
Php Php 4.2.3
Php Php 5.1.5
Php Php 5.1.6
1 EDB exploit
2.6
CVSSv2
CVE-2006-0208
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote malicious users to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting...
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.0
Php Php 4.1.0
Php Php 4.3.0
Php Php 4.3.1
Php Php 4.3.10
Php Php 4.3.7
Php Php 4.3.8
Php Php 5.0.0
Php Php 5.1.0
Php Php 5.1.1
Php Php 4.0.0
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.3.11
Php Php 4.3.2
Php Php 4.3.9
Php Php 4.4.1
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.2.0
6.4
CVSSv2
CVE-2012-0057
PHP prior to 5.3.9 has improper libxslt security settings, which allows remote malicious users to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
Php Php 5.3.4
Php Php 5.3.6
Php Php 5.3.0
Php Php 5.3.1
Php Php 5.2.10
Php Php 5.2.13
Php Php 5.2.4
Php Php 5.2.3
Php Php 5.1.1
Php Php 5.1.0
Php Php 5.0.0
Php Php
Php Php 5.2.15
Php Php 5.2.9
Php Php 5.2.7
Php Php 5.2.0
Php Php 5.2.17
Php Php 5.2.2
Php Php 5.0.5
Php Php 5.0.4
Php Php 5.0.1
Php Php 5.3.7
5.8
CVSSv2
CVE-2012-1172
The file-upload implementation in rfc1867.c in PHP prior to 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote malicious users to cause a denial of service (malformed $_FILES indexes) or conduct directory tra...
Php Php 5.3.3
Php Php 5.3.2
Php Php 5.2.5
Php Php 5.2.11
Php Php 5.2.0
Php Php 5.3.0
Php Php 5.3.1
Php Php 5.3.5
Php Php 5.2.6
Php Php 5.2.9
Php Php 5.2.17
Php Php 5.2.10
Php Php 5.1.1
Php Php 5.1.0
Php Php 5.1.6
Php Php 5.0.3
Php Php 5.0.0
Php Php 5.2.3
Php Php 5.2.4
Php Php 5.2.14
Php Php 5.0.2
Php Php 5.3.7
7.5
CVSSv2
CVE-2006-4433
PHP prior to 4.4.3 and 5.x prior to 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote malicious users to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, whic...
Php Php 4.0.1
Php Php 4.0.7
Php Php 4.0
Php Php 4.2.2
Php Php 4.2.3
Php Php 4.3.4
Php Php 4.3.5
Php Php 4.4.2
Php Php 5.0.0
Php Php 5.0.1
Php Php 5.0.2
Php Php 5.1.0
Php Php 4.0.0
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.2.0
Php Php 4.2.1
Php Php 4.3.2
Php Php 4.3.3
Php Php 4.4.0
Php Php 4.4.1
Php Php 5.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »