Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 5.2.7 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-2107
The GENERATE_SEED macro in PHP 4.x prior to 4.4.8 and 5.x prior to 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent malicious users to predict subsequent values of the ...
Php Php 5
Php Php 5.0.0
Php Php 5.0.2
Php Php 5.0.3
Php Php 5.1.5
Php Php 5.1.6
Php Php 5.0.1
Php Php 5.1.3
Php Php 5.1.4
Php Php 5.2.4
Php Php
Php Php 5.0.4
Php Php 5.0.5
Php Php 5.1.0
Php Php 5.2.0
Php Php 5.2.1
Php Php 5.1.1
Php Php 5.1.2
Php Php 5.2.2
Php Php 5.2.3
2.6
CVSSv2
CVE-2006-0208
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote malicious users to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting...
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.0
Php Php 4.1.0
Php Php 4.3.0
Php Php 4.3.1
Php Php 4.3.10
Php Php 4.3.7
Php Php 4.3.8
Php Php 5.0.0
Php Php 5.1.0
Php Php 5.1.1
Php Php 4.0.0
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.3.11
Php Php 4.3.2
Php Php 4.3.9
Php Php 4.4.1
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.2.0
7.5
CVSSv2
CVE-2008-5658
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and previous versions allows context-dependent malicious users to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
Php Php 5.2.0
Php Php 5.1.6
Php Php 5.0.5
Php Php 5.0.4
Php Php 5.0.0
Php Php
Php Php 5.1.5
Php Php 5.1.4
Php Php 5.0.3
Php Php 5.0.2
Php Php 5.2.5
Php Php 5.2.4
Php Php 5.2.3
Php Php 5.1.3
Php Php 5.1.2
Php Php 5.0.1
Php Php 5.2.2
Php Php 5.2.1
Php Php 5.1.1
Php Php 5.1.0
6.8
CVSSv2
CVE-2011-4718
Session fixation vulnerability in the Sessions subsystem in PHP prior to 5.5.2 allows remote malicious users to hijack web sessions by specifying a session ID.
Php Php 5.5.0
Php Php 5.2.9
Php Php 5.4.12
Php Php 5.3.10
Php Php 5.3.27
Php Php 5.1.5
Php Php 5.4.15
Php Php 5.3.6
Php Php 5.3.9
Php Php 5.1.2
Php Php 5.3.1
Php Php 5.1.1
Php Php 5.3.18
Php Php 5.2.14
Php Php 5.0.0
Php Php 5.1.6
Php Php 5.2.16
Php Php 5.3.24
Php Php 5.3.15
Php Php 5.3.8
Php Php 5.2.7
Php Php 5.2.2
7.5
CVSSv2
CVE-2008-5625
PHP 5 prior to 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent malicious users to write to arbitrary files by placing a "php_value error_log" entry in a ...
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.1.3
Php Php 5.1.2
Php Php 5.0.0
Php Php
Php Php 5.2.5
Php Php 5.1.6
Php Php 5.0.5
Php Php 5.0.4
Php Php 5.2.3
Php Php 5.2.4
Php Php 5.1.1
Php Php 5.1.0
Php Php 5.2.0
Php Php 5.1.5
Php Php 5.1.4
Php Php 5.0.3
Php Php 5.0.2
Php Php 5.0.1
1 EDB exploit
5
CVSSv2
CVE-2011-0752
The extract function in PHP prior to 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent malicious users to bypass intended access restrictions by modifying data struc...
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.2.9
Php Php 5.2.10
Php Php 5.1.1
Php Php 5.0.0
Php Php 5.0.4
Php Php 5.0.5
Php Php 4.0.6
Php Php 4.0.7
Php Php 4.0
Php Php 4.1.2
Php Php 4.3.0
Php Php 4.3.6
Php Php 4.3.7
Php Php 4.4.4
Php Php 4.4.5
Php Php 3.0.13
Php Php 3.0.12
Php Php 3.0.14
Php Php 3.0.17
Php Php 2.0b10
7.5
CVSSv2
CVE-2009-3291
The php_openssl_apply_verification_policy function in PHP prior to 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.
Php Php 4.3.6
Php Php 4.3.5
Php Php 4.3.0
Php Php 5.0.0
Php Php 4.3.7
Php Php 4.4.4
Php Php 5.1.0
Php Php 5.0.2
Php Php 4.4.9
Php Php 4.2
Php Php 3.0.12
Php Php 3.0.1
Php Php 3.0.14
Php Php 3.0.17
Php Php 3.0.16
Php Php 3.0.5
Php Php 3.0.6
Php Php 4.0
Php Php 4.0.1
Php Php 4.1.2
Php Php 4.0.7
Php Php 5.2.9
10
CVSSv2
CVE-2009-4143
PHP prior to 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
Php Php 4.3.11
Php Php 4.3.4
Php Php 4.2.3
Php Php 4.2.2
Php Php 5.0
Php Php 4.4.1
Php Php 4.4.2
Php Php 5.0.0
Php Php 2.0b10
Php Php 2.0
Php Php 3.0.10
Php Php 3.0.13
Php Php 3.0.15
Php Php 3.0.14
Php Php 3.0.7
Php Php 3.0.8
Php Php 4.0
Php Php 4.0.7
Php Php 5.1.2
Php Php 5.1.3
Php Php 5.2.2
Php Php 5.2.3
6.4
CVSSv2
CVE-2009-2626
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and previous versions versions allows context-specific malicious users to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then usin...
Php Php 4.3.6
Php Php 4.3.5
Php Php 4.3.0
Php Php 5.0.0
Php Php 4.3.7
Php Php 4.4.4
Php Php 5.1.0
Php Php 5.0.2
Php Php 4.2
Php Php 4.4.9
Php Php 3.0.12
Php Php 3.0.1
Php Php 3.0.14
Php Php 3.0.17
Php Php 3.0.5
Php Php 3.0.6
Php Php 4.0
Php Php 4.0.2
Php Php 4.0.1
Php Php 4.1.2
Php Php 4.0.7
Php Php 5.2.8
3 EDB exploits
7.5
CVSSv2
CVE-2009-4018
The proc_open function in ext/standard/proc_open.c in PHP prior to 5.2.11 and 5.3.x prior to 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent malicious users to execute programs with an arbit...
Php Php 4.3.1
Php Php 4.3.2
Php Php 4.1.0
Php Php 4.2.1
Php Php 4.4.7
Php Php 5.0
Php Php 4.3.9
Php Php 4.4.0
Php Php 5.0.4
Php Php 5.0.3
Php Php 5.0.0
Php Php 1.0
Php Php 4
Php Php 3.0.2
Php Php 3.0.18
Php Php 4.0
Php Php 3.0.9
Php Php 4.0.1
Php Php 4.0.5
Php Php 4.0.4
Php Php 4.3.11
Php Php 4.3.4
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »