Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 5.2.2 vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2010-1128
The Linear Congruential Generator (LCG) in PHP prior to 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent malicious users to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniq...
Php Php 5.2.9
Php Php 5.2.8
Php Php 5.2.0
Php Php 5.2.11
Php Php 5.2.10
Php Php 5.2.1
Php Php 5.2.3
Php Php 5.2.2
Php Php
Php Php 5.2.5
Php Php 5.2.4
Php Php 5.2.7
Php Php 5.2.6
1 EDB exploit
6.4
CVSSv2
CVE-2009-2626
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and previous versions versions allows context-specific malicious users to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then usin...
Php Php 4.3.6
Php Php 4.3.5
Php Php 4.3.0
Php Php 5.0.0
Php Php 4.3.7
Php Php 4.4.4
Php Php 5.1.0
Php Php 5.0.2
Php Php 4.2
Php Php 4.4.9
Php Php 3.0.12
Php Php 3.0.1
Php Php 3.0.14
Php Php 3.0.17
Php Php 3.0.5
Php Php 3.0.6
Php Php 4.0
Php Php 4.0.2
Php Php 4.0.1
Php Php 4.1.2
Php Php 4.0.7
Php Php 5.2.8
3 EDB exploits
6.4
CVSSv2
CVE-2008-3659
Buffer overflow in the memnstr function in PHP 4.4.x prior to 4.4.9 and PHP 5.6 up to and including 5.2.6 allows context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: th...
Php Php 4.4.0
Php Php 4.4.1
Php Php 4.4.8
Php Php 5.2.0
Php Php 4.4.2
Php Php 4.4.3
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.2.3
Php Php 4.4.4
Php Php 4.4.5
Php Php 5.2.4
Php Php 5.2.5
Php Php 4.4.6
Php Php 4.4.7
Php Php 5.2.6
5.8
CVSSv2
CVE-2015-6548
Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software prior to 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Symantec Web Gateway
5.8
CVSSv2
CVE-2012-1172
The file-upload implementation in rfc1867.c in PHP prior to 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote malicious users to cause a denial of service (malformed $_FILES indexes) or conduct directory tra...
Php Php 5.3.3
Php Php 5.3.2
Php Php 5.2.5
Php Php 5.2.11
Php Php 5.2.0
Php Php 5.3.0
Php Php 5.3.1
Php Php 5.3.5
Php Php 5.2.6
Php Php 5.2.9
Php Php 5.2.17
Php Php 5.2.10
Php Php 5.1.1
Php Php 5.1.0
Php Php 5.1.6
Php Php 5.0.3
Php Php 5.0.0
Php Php 5.2.3
Php Php 5.2.4
Php Php 5.2.14
Php Php 5.0.2
Php Php 5.3.7
5.1
CVSSv2
CVE-2021-25051
The Modal Window WordPress plugin prior to 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.
Wow-company Modal Window
5.1
CVSSv2
CVE-2017-7414
In Horde_Crypt prior to 2.7.6, as used in Horde Groupware Webmail Edition 5.x up to and including 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically veri...
Horde Groupware 5.1.0
Horde Groupware 5.2.1
Horde Groupware 5.2.2
Horde Groupware 5.0.0
Horde Groupware 5.0.4
Horde Groupware 5.0.5
Horde Groupware 5.1.5
Horde Groupware 5.2.0
Horde Groupware 5.2.7
Horde Groupware 5.0.2
Horde Groupware 5.0.3
Horde Groupware 5.1.3
Horde Groupware 5.1.4
Horde Groupware 5.2.5
Horde Groupware 5.2.6
Horde Groupware 5.0.1
Horde Groupware 5.1.1
Horde Groupware 5.1.2
Horde Groupware 5.2.3
Horde Groupware 5.2.4
5.1
CVSSv2
CVE-2008-4107
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows malicious users to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset funct...
Php Php 4.4.7
Php Php 4.3.9
Php Php 4.3.8
Php Php 4.3.11
Php Php 4.3.10
Php Php 4.2.1
Php Php 4.0
Php Php 4.0.4
Php Php 4.0.3
Php Php 4.4.6
Php Php 4.4.5
Php Php 4.3.7
Php Php 4.3.6
Php Php 4.3.1
Php Php 4.3.0
Php Php 4.1.0
Php Php 4.1.2
Php Php 4.0.7
Php Php 4.0.2
Php Php 4.0.1
Php Php 4.4.1
Php Php 4.4.0
5.1
CVSSv2
CVE-2007-2510
Buffer overflow in the make_http_soap_request function in PHP prior to 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.
Php Php 4.0.0
Php Php 4.0.1
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.3.11
Php Php 4.3.2
Php Php 4.3.9
Php Php 4.4.0
Php Php 5.0.0
Php Php 5.0.1
Php Php 5.0.2
Php Php 5.1.0
Php Php 5.1.1
Php Php 5.2.1
Php Php 4.0.3
Php Php 4.0.7
Php Php 4.1.0
Php Php 4.3.1
Php Php 4.3.10
Php Php 4.3.7
5
CVSSv2
CVE-2016-7478
Zend/zend_exceptions.c in PHP, possibly 5.x prior to 5.6.28 and 7.x prior to 7.0.13, allows remote malicious users to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
Php Php 5.0.0
Php Php 5.0.1
Php Php 5.0.2
Php Php 5.1.3
Php Php 5.1.4
Php Php 5.2.13
Php Php 5.2.14
Php Php 5.2.5
Php Php 5.2.6
Php Php 5.3.11
Php Php 5.3.12
Php Php 5.3.2
Php Php 5.3.20
Php Php 5.3.27
Php Php 5.3.28
Php Php 5.3.9
Php Php 5.4.0
Php Php 5.4.13
Php Php 5.4.14
Php Php 5.4.19
Php Php 5.4.2
Php Php 5.4.26
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »