Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 5.2.8 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2012-3365
The SQLite functionality in PHP prior to 5.3.15 allows remote malicious users to bypass the open_basedir protection mechanism via unspecified vectors.
Php Php 5.3.11
Php Php 5.3.4
Php Php 5.3.13
Php Php 5.3.2
Php Php 5.2.13
Php Php 5.2.5
Php Php 5.2.3
Php Php 5.2.14
Php Php 5.1.6
Php Php 5.1.4
Php Php 5.0.0
Php Php 4.3.10
Php Php 4.3.1
Php Php 4.4.8
Php Php 4.2.0
Php Php 4.3.0
Php Php 4.3.7
Php Php 4.4.4
Php Php 4.0
Php Php 4.0.5
Php Php 4.0.4
Php Php 3.0.11
445
VMScore
CVE-2011-3267
PHP prior to 5.3.7 does not properly implement the error_log function, which allows context-dependent malicious users to cause a denial of service (application crash) via unspecified vectors.
Php Php 4.3.11
Php Php 4.3.4
Php Php 4.2.2
Php Php 4.4.5
Php Php 4.4.6
Php Php 4.3.8
Php Php 4.3.9
Php Php 4.4.4
Php Php 5.0.5
Php Php 5.0.0
Php Php 5.2.12
Php Php 5.2.13
Php Php 5.2.2
Php Php 1.0
Php Php 5.3.0
Php Php 3.0.11
Php Php 3.0.18
Php Php 3.0.4
Php Php 4.0
Php Php 3.0.9
Php Php 4.3.3
Php Php 4.3.6
445
VMScore
CVE-2011-1466
Integer overflow in the SdnToJulian function in the Calendar extension in PHP prior to 5.3.6 allows context-dependent malicious users to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.
Php Php 5.3.1
Php Php 5.3.2
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.1.0
Php Php 4.1.1
Php Php 4.3.0
Php Php 4.3.4
Php Php 4.3.5
Php Php 4.4.2
Php Php 4.4.3
Php Php 3.0.10
Php Php 3.0.13
Php Php 3.0.3
Php Php 3.0.15
Php Php 3.0.5
Php Php 3.0.6
Php Php 2.0b10
Php Php 5.2.11
Php Php 5.2.5
Php Php 5.2.1
Php Php 5.2.2
445
VMScore
CVE-2011-0752
The extract function in PHP prior to 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent malicious users to bypass intended access restrictions by modifying data struc...
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.2.9
Php Php 5.2.10
Php Php 5.1.1
Php Php 5.0.0
Php Php 5.0.4
Php Php 5.0.5
Php Php 4.0.6
Php Php 4.0.7
Php Php 4.0
Php Php 4.1.2
Php Php 4.3.0
Php Php 4.3.6
Php Php 4.3.7
Php Php 4.4.4
Php Php 4.4.5
Php Php 3.0.13
Php Php 3.0.12
Php Php 3.0.14
Php Php 3.0.17
Php Php 2.0b10
445
VMScore
CVE-2011-0755
Integer overflow in the mt_rand function in PHP prior to 5.3.4 might make it easier for context-dependent malicious users to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.0.3
Php Php 4.0
Php Php 4.2.1
Php Php 4.3.11
Php Php 4.3.2
Php Php 4.3.9
Php Php 4.4.0
Php Php 4.4.7
Php Php 4.4.8
Php Php 3.0.2
Php Php 3.0.18
Php Php 3.0.9
Php Php 3.0.7
Php Php
Php Php 5.2.9
Php Php 5.2.6
Php Php 5.2.8
Php Php 5.2.16
Php Php 5.2.7
Php Php 5.1.4
445
VMScore
CVE-2010-4699
The iconv_mime_decode_headers function in the Iconv extension in PHP prior to 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote malicious users to trigger an incomplete output array...
Php Php 5.3.1
Php Php 5.3.2
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.0
Php Php 4.0.0
Php Php 4.0.7
Php Php 4.2.0
Php Php 4.3.1
Php Php 4.3.7
Php Php 4.3.8
Php Php 4.4.5
Php Php 4.4.6
Php Php 3.0.12
Php Php 3.0.1
Php Php 3.0.17
Php Php 3.0.16
Php Php 2.0
Php Php 1.0
Php Php 5.2.5
Php Php 5.2.0
Php Php 5.2.17
445
VMScore
CVE-2006-7243
PHP prior to 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent malicious users to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists...
Php Php 5.3.0
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.0
Php Php 4.1.0
Php Php 4.2.2
Php Php 4.2.3
Php Php 4.3.2
Php Php 4.3.3
Php Php 4.4.1
Php Php 4.4.2
Php Php 4.4.9
Php Php 3.0.11
Php Php 3.0.18
Php Php 3.0.4
Php Php 3.0.8
Php Php 3.0.5
Php Php 5.2.12
Php Php 5.2.10
Php Php 5.2.8
Php Php 5.2.3
Php Php 5.2.4
2 Articles
445
VMScore
CVE-2010-2484
The strrchr function in PHP 5.2 prior to 5.2.14 allows context-dependent malicious users to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler.
Php Php 5.2.11
Php Php 5.2.5
Php Php 5.2.2
Php Php 5.2.9
Php Php 5.2.6
Php Php 5.2.8
Php Php 5.2.0
Php Php 5.2.4
Php Php 5.2.13
Php Php 5.2.12
Php Php 5.2.10
Php Php 5.2.3
Php Php 5.2.1
445
VMScore
CVE-2010-3065
The default session serializer in PHP 5.2 up to and including 5.2.13 and 5.3 up to and including 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent malicious users to modify arbitrary session variables via a crafted session variable name.
Php Php 5.2.7
Php Php 5.2.8
Php Php 5.3.1
Php Php 5.3.2
Php Php 5.2.5
Php Php 5.2.6
Php Php 5.2.13
Php Php 5.3.0
Php Php 5.2.2
Php Php 5.2.3
Php Php 5.2.4
Php Php 5.2.11
Php Php 5.2.12
Php Php 5.2.0
Php Php 5.2.1
Php Php 5.2.9
Php Php 5.2.10
445
VMScore
CVE-2010-2190
The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 up to and including 5.2.13 and 5.3 up to and including 5.3.2 allow context-dependent malicious users to obtain sensitive information (memory contents) by causing a userspace interruption of an interna...
Php Php 5.2.5
Php Php 5.2.6
Php Php 5.2.12
Php Php 5.2.13
Php Php 5.2.7
Php Php 5.2.8
Php Php 5.3.1
Php Php 5.3.2
Php Php 5.2.3
Php Php 5.2.4
Php Php 5.2.11
Php Php 5.3.0
Php Php 5.2.0
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.2.9
Php Php 5.2.10
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »