Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 4.0 vulnerabilities and exploits
(subscribe to this query)
694
VMScore
CVE-2007-1461
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP prior to 4.4.7, and 5.x prior to 5.2.2, does not implement safemode or open_basedir checks, which allows remote malicious users to read bzip2 archives located outside of the intended directories.
Php Php 5.1.5
Php Php 5.1.2
Php Php 5.1.1
Php Php 5.1.6
Php Php 5.0.5
Php Php 5.0.1
Php Php 5.1.4
Php Php 5.0.4
Php Php 5.0.3
Php Php 5.1.0
Php Php 5.2.0
Php Php 5.1.3
Php Php 5.0.2
Php Php 5.2.1
Php Php 5.0.0
Php Php 4.3.9
Php Php 3.0
Php Php 4.0
Php Php 3.0.5
Php Php 3.0.11
Php Php 4.2.0
Php Php 3.0.1
690
VMScore
CVE-2006-7127
Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and 4.0 RC2 allow remote malicious users to execute arbitrary PHP code via a URL in the main_dir parameter to (1) forum/main.php and (2) forum/headlines.php.
Salims Softhouse Jaf Cms 4.0
2 EDB exploits
685
VMScore
CVE-2012-1933
Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x prior to 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2)...
Sourcefabric Newscoop 3.5.3
Sourcefabric Newscoop 3.5.4
Sourcefabric Newscoop 3.5.0
Sourcefabric Newscoop 3.5.2
Sourcefabric Newscoop 4.0
Sourcefabric Newscoop 3.5.1
1 EDB exploit
685
VMScore
CVE-2009-2608
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2...
Chatelao Php Address Book 4.0.1
Chatelao Php Address Book 4.0.2
1 EDB exploit
685
VMScore
CVE-2009-1912
Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and previous versions allows remote malicious users to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including ...
Webspell Webspell 4.01.02
Webspell Webspell 4.0.2c
Webspell Webspell 4.1.2
Webspell Webspell 4.2.0d
Webspell Webspell 4.1
Webspell Webspell 4.0
Webspell Webspell 4.01.00
Webspell Webspell 4.1.1
Webspell Webspell 4.2.0c
Webspell Webspell 4.01.01
Webspell Webspell
1 EDB exploit
685
VMScore
CVE-2007-1001
Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 up to and including 4.4.6 and 5.0.0 up to and including 5.2.1 allow context-dependent malicious users to execute arbitrary code via Wireless Bitmap (WBMP) ...
Php Php 4.3.9
Php Php 4.0
Php Php 5.1.5
Php Php 5.1.2
Php Php 4.2.0
Php Php 5.1.1
Php Php 4.4.4
Php Php 5.0.0
Php Php 4.1.0
Php Php 5.1.6
Php Php 4.3.4
Php Php 4.0.4
Php Php 4.3.0
Php Php 4.0.5
Php Php 5.0
Php Php 5.0.5
Php Php 4.3.6
Php Php 5.0.1
Php Php 5.1.4
Php Php 4.0.7
Php Php 4.3.7
Php Php 5.0.4
1 EDB exploit
685
VMScore
CVE-2007-1583
The mb_parse_str function in PHP 4.0.0 up to and including 4.4.6 and 5.0.0 up to and including 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote malicious users to invoke available PHP scripts with...
Php Php 4.3.9
Php Php 4.0
Php Php 5.1.5
Php Php 5.1.2
Php Php 4.2.0
Php Php 5.1.1
Php Php 4.4.4
Php Php 5.0.0
Php Php 4.1.0
Php Php 5.1.6
Php Php 4.3.4
Php Php 4.0.4
Php Php 4.3.0
Php Php 4.0.5
Php Php 5.0
Php Php 5.0.5
Php Php 4.3.6
Php Php 5.0.1
Php Php 5.1.4
Php Php 4.0.7
Php Php 4.3.7
Php Php 5.0.4
1 EDB exploit
685
VMScore
CVE-2007-1582
The resource system in PHP 4.0.0 up to and including 4.4.6 and 5.0.0 up to and including 5.2.1 allows context-dependent malicious users to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error ...
Php Php 4.3.9
Php Php 4.0
Php Php 5.1.5
Php Php 5.1.2
Php Php 4.2.0
Php Php 5.1.1
Php Php 4.4.4
Php Php 5.0.0
Php Php 4.1.0
Php Php 5.1.6
Php Php 4.3.4
Php Php 4.0.4
Php Php 4.3.0
Php Php 4.0.5
Php Php 5.0
Php Php 5.0.5
Php Php 4.3.6
Php Php 5.0.1
Php Php 5.1.4
Php Php 4.0.7
Php Php 4.3.7
Php Php 5.0.4
1 EDB exploit
685
VMScore
CVE-2006-2122
PHP remote file inclusion vulnerability in index.php in CoolMenus allows remote malicious users to execute arbitrary code via a URL in the page parameter. NOTE: the original report for this issue is probably erroneous, since CoolMenus does not appear to be written in PHP.
Coolmenus Coolmenus 4.0
1 EDB exploit
685
VMScore
CVE-2004-0595
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore nul...
Redhat Fedora Core Core 2.0
Trustix Secure Linux 2.0
Redhat Fedora Core Core 1.0
Avaya Converged Communications Server 2.0
Trustix Secure Linux 1.5
Trustix Secure Linux 2.1
Avaya S8500 R2.0.1
Php Php 4.2.0
Php Php 4.1.0
Php Php 4.0.4
Php Php 4.3.0
Php Php 4.0.5
Php Php 5.0
Avaya S8300 R2.0.0
Php Php 4.3.6
Avaya Integrated Management
Php Php 4.3.7
Php Php 4.2.2
Php Php 4.3.2
Php Php 4.0.7
Php Php 4.0.2
Php Php 4.3.3
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »