Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 5.0 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2007-1885
Integer overflow in the str_replace function in PHP 4 prior to 4.4.5 and PHP 5 prior to 5.2.1 allows context-dependent malicious users to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length cou...
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.0.7
Php Php 4.2.1
Php Php 4.2.2
Php Php 4.3.3
Php Php 4.3.4
Php Php 4.4.1
Php Php 4.0.3
Php Php 4.2.3
Php Php 4.2
Php Php 4.3.5
Php Php 4.3.6
Php Php 4.4.3
Php Php 4.4.4
Php Php 5.0.0
Php Php 5.0
Php Php 5.1.4
Php Php 5.1.5
Php Php 4.0.4
Php Php 4.1.0
Php Php 4.1.1
760
VMScore
CVE-2007-1376
The shmop functions in PHP prior to 4.4.5, and prior to 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent malicious users to read and write arbitrary memory locations via arguments associated with an inappro...
Php Php 4.0.1
Php Php 4.0.6
Php Php 4.0.7
Php Php 4.0.2
Php Php 4.0.3
Php Php 4.0
Php Php 4.0.0
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.1.0
Php Php 4.2
Php Php 4.3.0
Php Php 4.3.5
Php Php 4.3.6
Php Php 4.4.4
Php Php 4.4.5
Php Php 5.0.0
Php Php 5.0
Php Php 5.1.6
Php Php 5.2.0
Php Php 4.2.2
Php Php 4.2.3
2 EDB exploits
828
VMScore
CVE-2007-2844
PHP 4.x and 5.x prior to 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote malicious users to overwrite internal program memory and g...
Php Php 4.0.3
Php Php 4.0.7
Php Php 4.0
Php Php 4.1.0
Php Php 4.3.1
Php Php 4.3.10
Php Php 4.3.7
Php Php 4.3.8
Php Php 4.4.5
Php Php 4.4.6
Php Php 5.0.0
Php Php 5.0.1
Php Php 4.0.0
Php Php 4.0.1
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.2.1
Php Php 4.2.2
Php Php 4.3.3
Php Php 4.3.4
Php Php 4.4.1
Php Php 4.4.2
755
VMScore
CVE-2007-1700
The session extension in PHP 4 prior to 4.4.5, and PHP 5 prior to 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent malicious users to execute arbitrary code via a craf...
Php Php 4.0.0
Php Php 4.0.1
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.0
Php Php 4.2.0
Php Php 4.2.1
Php Php 4.3.11
Php Php 4.3.2
Php Php 4.4.0
Php Php 4.4.1
Php Php 5.0.0
Php Php 5.0.4
Php Php 5.0.5
Php Php 5.0
Php Php 5.1.3
Php Php 5.1.4
Php Php 4.0.3
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.3.1
Php Php 4.3.10
1 EDB exploit
605
VMScore
CVE-2007-1884
Multiple integer signedness errors in the printf function family in PHP 4 prior to 4.4.5 and PHP 5 prior to 5.2.1 on 64 bit machines allow context-dependent malicious users to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print f...
Php Php 4.0.2
Php Php 4.0.3
Php Php 4.0.7
Php Php 4.0
Php Php 4.1.0
Php Php 4.2
Php Php 4.3.0
Php Php 4.3.6
Php Php 4.3.7
Php Php 4.4.4
Php Php 4.0.1
Php Php 4.0.6
Php Php 4.2.2
Php Php 4.2.3
Php Php 4.3.3
Php Php 4.3.4
Php Php 4.3.5
Php Php 4.4.2
Php Php 4.4.3
Php Php 4.0.0
Php Php 4.0.4
Php Php 4.0.5
505
VMScore
CVE-2007-1380
The php_binary serialization handler in the session extension in PHP prior to 4.4.5, and 5.x prior to 5.2.1, allows context-dependent malicious users to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buff...
Php Php 4.0
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.3.1
Php Php 4.3.10
Php Php 4.3.8
Php Php 4.3.9
Php Php 5.0.0
Php Php 5.0.2
Php Php 5.0.3
Php Php 5.0.4
Php Php 5.1.1
Php Php 5.1.2
Php Php 4.0.2
Php Php 4.0.7
Php Php 4.1.0
Php Php 4.2
Php Php 4.3.0
Php Php 4.3.6
Php Php 4.3.7
1 EDB exploit
755
VMScore
CVE-2005-3390
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote malicious users to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS&...
Php Php 3.0.14
Php Php 3.0.15
Php Php 3.0.5
Php Php 3.0.6
Php Php 4.0.2
Php Php 4.0.3
Php Php 4.0.7
Php Php 4.2.3
Php Php 4.2
Php Php 4.3.5
Php Php 4.3.6
Php Php 5.0.2
Php Php 5.0.3
Php Php 3.0
Php Php 3.0.1
Php Php 3.0.16
Php Php 3.0.17
Php Php 3.0.7
Php Php 3.0.8
Php Php 4.0.4
Php Php 4.1.0
Php Php 4.1.1
1 EDB exploit
383
VMScore
CVE-2010-2531
The var_export function in PHP 5.2 prior to 5.2.14 and 5.3 prior to 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote malicious users to obtain sensitive information by causing the application to exceed...
Php Php
Debian Debian Linux 5.0
Debian Debian Linux 6.0
231
VMScore
CVE-2003-0279
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x up to and including 6.5 allows remote malicious users to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.
Francisco Burzi Php-nuke 5.0
Francisco Burzi Php-nuke 6.0
890
VMScore
CVE-2001-1025
PHP-Nuke 5.x allows remote malicious users to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
Francisco Burzi Php-nuke 5.0
Francisco Burzi Php-nuke 5.0.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »