Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-7478
Zend/zend_exceptions.c in PHP, possibly 5.x prior to 5.6.28 and 7.x prior to 7.0.13, allows remote malicious users to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
Php Php 5.0.0
Php Php 5.0.1
Php Php 5.0.2
Php Php 5.1.3
Php Php 5.1.4
Php Php 5.2.13
Php Php 5.2.14
Php Php 5.2.5
Php Php 5.2.6
Php Php 5.3.11
Php Php 5.3.12
Php Php 5.3.2
Php Php 5.3.20
Php Php 5.3.27
Php Php 5.3.28
Php Php 5.3.9
Php Php 5.4.0
Php Php 5.4.13
Php Php 5.4.14
Php Php 5.4.19
Php Php 5.4.2
Php Php 5.4.26
5
CVSSv2
CVE-2010-4409
Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and previous versions allows context-dependent malicious users to cause a denial of service (application crash) via an invalid argument.
Php Php 4.0
Php Php 4.0.0
Php Php 4.2.0
Php Php 4.3.1
Php Php 4.3.7
Php Php 4.3.8
Php Php 4.4.5
Php Php 4.4.6
Php Php 3.0.12
Php Php 3.0.1
Php Php 3.0.17
Php Php 3.0.16
Php Php 2.0
Php Php 1.0
Php Php 5.3.0
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.1.0
Php Php 4.2.2
Php Php 4.2.3
Php Php 4.3.2
Php Php 4.3.3
1 EDB exploit
4.3
CVSSv2
CVE-2011-0753
Race condition in the PCNTL extension in PHP prior to 5.3.4, when a user-defined signal handler exists, might allow context-dependent malicious users to cause a denial of service (memory corruption) via a large number of concurrent signals.
Php Php 4.0.2
Php Php 4.0.3
Php Php 4.0
Php Php 4.2.1
Php Php 4.2.2
Php Php 4.3.11
Php Php 4.3.2
Php Php 4.3.9
Php Php 4.4.0
Php Php 4.4.8
Php Php 4.4.9
Php Php 5.3.2
Php Php 4.0.6
Php Php 4.0.7
Php Php 5.3.0
Php Php 5.3.1
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.1.0
Php Php 4.2.3
Php Php 4.3.3
Php Php 4.3.4
4.4
CVSSv2
CVE-2011-0754
The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP prior to 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat struc...
Php Php 3.0.14
Php Php 3.0.3
Php Php 4.0.1
Php Php 4.0.6
Php Php 4.0
Php Php 4.3.0
Php Php 4.3.4
Php Php 4.3.6
Php Php 4.4.6
Php Php 4.4.7
Php Php 3.0.13
Php Php 3.0.15
Php Php 4.4.4
Php Php 4.3.3
Php Php 1.0
Php Php 2.0
Php Php 3.0.7
Php Php 4.0.2
Php Php 4.2.1
Php Php 4.2.2
Php Php 4.2.0
Php Php 4.3.10
7.5
CVSSv2
CVE-2009-3292
Unspecified vulnerability in PHP prior to 5.2.11, and 5.3.x prior to 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
Php Php 4.3.2
Php Php 4.3.11
Php Php 4.2.3
Php Php 5.0
Php Php 4.4.0
Php Php 4.4.1
Php Php 4.4.2
Php Php 5.0.0
Php Php 1.0
Php Php 2.0b10
Php Php 3.0.11
Php Php 3.0.10
Php Php 3.0.4
Php Php 3.0.3
Php Php 3.0.9
Php Php 4.0
Php Php 4.0.0
Php Php 4.0.4
Php Php 4.0.3
Php Php 4.0.7
Php Php 5.1.4
Php Php 5.1.5
7.5
CVSSv2
CVE-2009-3293
Unspecified vulnerability in the imagecolortransparent function in PHP prior to 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."
Php Php 4.3.6
Php Php 4.3.5
Php Php 4.2.0
Php Php 4.4.5
Php Php 5.0.0
Php Php 4.3.7
Php Php 4.4.4
Php Php 5.1.0
Php Php 5.0.5
Php Php 5.0.2
Php Php 5.0.1
Php Php 4.2
Php Php 4.4.9
Php Php 3.0.1
Php Php 3.0
Php Php 3.0.17
Php Php 3.0.16
Php Php 3.0.5
Php Php 3.0.6
Php Php 4.0
Php Php 4.0.6
Php Php 4.0.1
2.6
CVSSv2
CVE-2008-5814
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and previous versions, when display_errors is enabled, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is...
Php Php
Php Php 5.1.1
Php Php 5.1.0
Php Php 5.0.5
Php Php 5.0.0
Php Php 5
Php Php 4.4.9
Php Php 4.4.0
Php Php 4.4.1
Php Php 4.3.4
Php Php 4.3.0
Php Php 4.1.0
Php Php 4.2.1
Php Php 4.0
Php Php 4.1.1
Php Php 4.0.6
Php Php 4.0.7
Php Php 4.0.1
Php Php 3.0.4
Php Php 3.0.3
Php Php 3.0.11
Php Php 3.0.10
7.5
CVSSv2
CVE-2012-2311
sapi/cgi/cgi_main.c in PHP prior to 5.3.13 and 5.4.x prior to 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote malicious users to execute arbitrary code b...
Php Php 4.3.9
Php Php 4.4.9
Php Php 3.0
Php Php 5.2.9
Php Php 4.0
Php Php 3.0.5
Php Php 3.0.11
Php Php 5.3.10
Php Php 5.1.5
Php Php 5.3.6
Php Php 5.3.9
Php Php 5.1.2
Php Php 5.3.1
Php Php 4.2.0
Php Php 5.1.1
Php Php 3.0.1
Php Php 5.2.14
Php Php 3.0.2
Php Php 4.4.4
Php Php 5.0.0
Php Php 4.1.0
Php Php 5.1.6
4 EDB exploits
2 Github repositories
5
CVSSv2
CVE-2012-3365
The SQLite functionality in PHP prior to 5.3.15 allows remote malicious users to bypass the open_basedir protection mechanism via unspecified vectors.
Php Php 5.3.11
Php Php 5.3.4
Php Php 5.3.13
Php Php 5.3.2
Php Php 5.2.13
Php Php 5.2.5
Php Php 5.2.3
Php Php 5.2.14
Php Php 5.1.6
Php Php 5.1.4
Php Php 5.0.0
Php Php 4.3.10
Php Php 4.3.1
Php Php 4.4.8
Php Php 4.2.0
Php Php 4.3.0
Php Php 4.3.7
Php Php 4.4.4
Php Php 4.0
Php Php 4.0.5
Php Php 4.0.4
Php Php 3.0.11
6.8
CVSSv2
CVE-2014-3597
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP prior to 5.4.32 and 5.5.x prior to 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_g...
Php Php 5.4.10
Php Php 5.4.11
Php Php 5.4.14
Php Php 5.4.15
Php Php 5.4.20
Php Php 5.4.21
Php Php 5.4.29
Php Php 5.4.3
Php Php 5.4.8
Php Php 5.4.9
Php Php 5.5.3
Php Php 5.5.2
Php Php 5.4.0
Php Php 5.4.12
Php Php 5.4.13
Php Php 5.4.17
Php Php 5.4.18
Php Php 5.4.25
Php Php 5.4.26
Php Php 5.4.4
Php Php 5.4.5
Php Php 5.5.7
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »