Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php pear vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2011-2202
The rfc1867_post_handler function in main/rfc1867.c in PHP prior to 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote malicious users to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, v...
Php Php 5.3.0
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.0
Php Php 4.1.0
Php Php 4.2.2
Php Php 4.2.3
Php Php 4.3.3
Php Php 4.3.4
Php Php 4.4.1
Php Php 4.4.2
Php Php 3.0.11
Php Php 3.0.10
Php Php 3.0.4
Php Php 3.0.3
Php Php 3.0.8
Php Php 3.0.5
Php Php
Php Php 4.0.0
Php Php 4.0.1
Php Php 4.2.0
Php Php 4.3.1
1 EDB exploit
7.5
CVSSv2
CVE-2011-3379
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote malicious users to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
Php Php 5.3.7
Php Php 5.3.8
7.5
CVSSv2
CVE-2011-1938
Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 up to and including 5.3.6 might allow context-dependent malicious users to execute arbitrary code via a long pathname for a UNIX socket.
Php Php 5.3.4
Php Php 5.3.5
Php Php 5.3.3
Php Php 5.3.6
2 EDB exploits
6.8
CVSSv2
CVE-2020-28948
Archive_Tar up to and including 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
Php Archive Tar
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Drupal Drupal
3 Github repositories
6.8
CVSSv2
CVE-2012-0831
PHP prior to 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote malicious users to conduct SQL injection attacks via a crafted request, related to main/php_variables...
Php Php
5
CVSSv2
CVE-2012-0781
The tidy_diagnose function in PHP 5.3.8 might allow remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerab...
Php Php 5.3.8
1 EDB exploit
5
CVSSv2
CVE-2011-1657
The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent malicious users to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND.
Php Php 5.3.6
5
CVSSv2
CVE-2011-4153
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted ...
Php Php 5.3.8
1 EDB exploit
3.6
CVSSv2
CVE-2021-32610
In Archive_Tar prior to 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
Php Archive Tar
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
5
CVSSv2
CVE-2020-36193
Tar.php in Archive_Tar up to and including 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
Php Archive Tar
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »