Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 5.2.11 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-1862
The chunk_split function in PHP 5.2 up to and including 5.2.13 and 5.3 up to and including 5.3.2 allows context-dependent malicious users to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass b...
Php Php 5.2.5
Php Php 5.2.6
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.2.10
Php Php 5.2.11
Php Php 5.2.3
Php Php 5.2.4
Php Php 5.2.12
Php Php 5.2.13
Php Php 5.2.0
Php Php 5.2.8
Php Php 5.2.9
Php Php 5.3.0
Php Php 5.3.1
Php Php 5.3.2
NA
CVE-2010-1868
The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 up to and including 5.2.13 and 5.3 up to and including 5.3.2 allow context-dependent malicious users to execute arbitrary code by calling these functions with an empty SQL query, wh...
Php Php 5.2.5
Php Php 5.2.8
Php Php 5.2.13
Php Php 5.2.0
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.2.3
Php Php 5.2.9
Php Php 5.2.10
Php Php 5.2.11
Php Php 5.2.12
Php Php 5.2.4
Php Php 5.2.6
Php Php 5.3.0
Php Php 5.3.2
Php Php 5.3.1
NA
CVE-2010-1129
The safe_mode implementation in PHP prior to 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent malicious users to bypass intended access restrictions via vectors related to use of the tempnam function.
Php Php 5.2.5
Php Php 5.2.6
Php Php 5.2.0
Php Php 5.2.7
Php Php 5.2.8
Php Php 5.2.9
Php Php 5.2.3
Php Php 5.2.4
Php Php 5.2.12
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.2.10
Php Php 5.2.11
NA
CVE-2010-1128
The Linear Congruential Generator (LCG) in PHP prior to 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent malicious users to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniq...
Php Php 5.2.9
Php Php 5.2.8
Php Php 5.2.0
Php Php 5.2.11
Php Php 5.2.10
Php Php 5.2.1
Php Php 5.2.3
Php Php 5.2.2
Php Php
Php Php 5.2.5
Php Php 5.2.4
Php Php 5.2.7
Php Php 5.2.6
1 EDB exploit
NA
CVE-2010-1130
session.c in the session extension in PHP prior to 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent malicious users to bypass open_basedir and safe_mode restrictions via an ar...
Php Php 5.2.3
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.3.1
Php Php 5.0.0
Php Php 5.2.13
Php Php 5.2.11
Php Php 5.2.5
Php Php 5.2.0
Php Php 5.1.6
Php Php 5.1.4
Php Php 5.1.5
Php Php 5.0.5
Php Php 5.2.9
Php Php 5.2.4
Php Php 5.2.8
Php Php 5.1.0
Php Php 5.1.2
Php Php 5.0.4
Php Php 5.0.2
Php Php
Php Php 5.2.10
1 EDB exploit
NA
CVE-2009-4418
The unserialize function in PHP 5.3.0 and previous versions allows context-dependent malicious users to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.
Php Php 5.2.11
Php Php 5.2.7
Php Php 5.2.9
Php Php 5.1.2
Php Php 5.0.0
Php Php 5.0.2
Php Php 5.2.4
Php Php 5.2.3
Php Php 5.0
Php Php 5.1.1
Php Php 5.2.1
Php Php 5.2.2
Php Php 5
Php Php 5.2.10
Php Php 5.2.6
Php Php 5.2.8
Php Php 5.1.0
Php Php 5.0.5
Php Php 5.0.4
Php Php 5.1.6
Php Php 5.2.0
Php Php 5.2.5
NA
CVE-2009-4142
The htmlspecialchars function in PHP prior to 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote malicious users to conduct cross-site scripting (XSS) attacks by placing a crafted by...
Php Php 4.3.4
Php Php 4.3.3
Php Php 4.2.3
Php Php 4.2.2
Php Php 5.0
Php Php 4.4.2
Php Php 4.4.3
Php Php 5.0.0
Php Php 2.0b10
Php Php 4.4.8
Php Php 2.0
Php Php 3.0.10
Php Php 3.0.13
Php Php 3.0.3
Php Php 3.0.15
Php Php 3.0.7
Php Php 3.0.8
Php Php 4.0
Php Php 4.3.2
Php Php 4.3.11
Php Php 4.2.1
Php Php 4.4.7
2 EDB exploits
NA
CVE-2009-4018
The proc_open function in ext/standard/proc_open.c in PHP prior to 5.2.11 and 5.3.x prior to 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent malicious users to execute programs with an arbit...
Php Php 4.3.1
Php Php 4.3.2
Php Php 4.1.0
Php Php 4.2.1
Php Php 4.4.7
Php Php 5.0
Php Php 4.3.9
Php Php 4.4.0
Php Php 5.0.4
Php Php 5.0.3
Php Php 5.0.0
Php Php 1.0
Php Php 4
Php Php 3.0.2
Php Php 3.0.18
Php Php 4.0
Php Php 3.0.9
Php Php 4.0.1
Php Php 4.0.5
Php Php 4.0.4
Php Php 4.3.11
Php Php 4.3.4
1 EDB exploit
NA
CVE-2009-3546
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x prior to 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote malicious users to conduct buffer overflow or buffer over-read attacks via a cra...
Libgd Gd Graphics Library 2.0.34
Libgd Gd Graphics Library 2.0.33
Libgd Gd Graphics Library 2.0.35
Libgd Gd Graphics Library 2.0.36
Php Php 5.2.11
Php Php 5.3.0
NA
CVE-2009-3294
The popen API function in TSRM/tsrm_win32.c in PHP prior to 5.2.11 and 5.3.x prior to 5.3.1, when running on certain Windows operating systems, allows context-dependent malicious users to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" stri...
Php Php
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »