Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 5.2.2 vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2010-1861
The sysvshm extension for PHP 5.2 up to and including 5.2.13 and 5.3 up to and including 5.3.2 allows context-dependent malicious users to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, whi...
Php Php 5.2.0
Php Php 5.2.8
Php Php 5.2.2
Php Php 5.2.3
Php Php 5.2.4
Php Php 5.2.5
Php Php 5.2.11
Php Php 5.2.12
Php Php 5.2.13
Php Php 5.2.10
Php Php 5.2.1
Php Php 5.2.6
Php Php 5.2.9
Php Php 5.3.0
Php Php 5.3.2
Php Php 5.3.1
5
CVSSv2
CVE-2010-1864
The addcslashes function in PHP 5.2 up to and including 5.2.13 and 5.3 up to and including 5.3.2 allows context-dependent malicious users to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass b...
Php Php 5.2.4
Php Php 5.2.5
Php Php 5.2.13
Php Php 5.2.0
Php Php 5.2.1
Php Php 5.2.9
Php Php 5.2.10
Php Php 5.2.2
Php Php 5.2.3
Php Php 5.2.11
Php Php 5.2.12
Php Php 5.2.6
Php Php 5.2.8
Php Php 5.3.2
Php Php 5.3.0
Php Php 5.3.1
5
CVSSv2
CVE-2010-1860
The html_entity_decode function in PHP 5.2 up to and including 5.2.13 and 5.3 up to and including 5.3.2 allows context-dependent malicious users to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call,...
Php Php 5.2.6
Php Php 5.2.8
Php Php 5.2.2
Php Php 5.2.3
Php Php 5.2.11
Php Php 5.2.12
Php Php 5.2.13
Php Php 5.2.4
Php Php 5.2.5
Php Php 5.2.0
Php Php 5.2.1
Php Php 5.2.9
Php Php 5.2.10
Php Php 5.3.1
Php Php 5.3.2
Php Php 5.3.0
6.4
CVSSv2
CVE-2010-1128
The Linear Congruential Generator (LCG) in PHP prior to 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent malicious users to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniq...
Php Php 5.2.9
Php Php 5.2.8
Php Php 5.2.0
Php Php 5.2.11
Php Php 5.2.10
Php Php 5.2.1
Php Php 5.2.3
Php Php 5.2.2
Php Php
Php Php 5.2.5
Php Php 5.2.4
Php Php 5.2.7
Php Php 5.2.6
1 EDB exploit
7.5
CVSSv2
CVE-2010-1129
The safe_mode implementation in PHP prior to 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent malicious users to bypass intended access restrictions via vectors related to use of the tempnam function.
Php Php 5.2.5
Php Php 5.2.6
Php Php 5.2.0
Php Php 5.2.7
Php Php 5.2.8
Php Php 5.2.9
Php Php 5.2.3
Php Php 5.2.4
Php Php 5.2.12
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.2.10
Php Php 5.2.11
5
CVSSv2
CVE-2010-1130
session.c in the session extension in PHP prior to 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent malicious users to bypass open_basedir and safe_mode restrictions via an ar...
Php Php 5.2.3
Php Php 5.2.1
Php Php 5.2.2
Php Php 5.3.1
Php Php 5.0.0
Php Php 5.2.13
Php Php 5.2.11
Php Php 5.2.5
Php Php 5.2.0
Php Php 5.1.6
Php Php 5.1.4
Php Php 5.1.5
Php Php 5.0.5
Php Php 5.2.9
Php Php 5.2.4
Php Php 5.2.8
Php Php 5.1.0
Php Php 5.1.2
Php Php 5.0.4
Php Php 5.0.2
Php Php
Php Php 5.2.10
1 EDB exploit
5
CVSSv2
CVE-2009-4418
The unserialize function in PHP 5.3.0 and previous versions allows context-dependent malicious users to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.
Php Php 5.2.11
Php Php 5.2.7
Php Php 5.2.9
Php Php 5.1.2
Php Php 5.0.0
Php Php 5.0.2
Php Php 5.2.4
Php Php 5.2.3
Php Php 5.0
Php Php 5.1.1
Php Php 5.2.1
Php Php 5.2.2
Php Php 5
Php Php 5.2.10
Php Php 5.2.6
Php Php 5.2.8
Php Php 5.1.0
Php Php 5.0.5
Php Php 5.0.4
Php Php 5.1.6
Php Php 5.2.0
Php Php 5.2.5
4.3
CVSSv2
CVE-2009-4142
The htmlspecialchars function in PHP prior to 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote malicious users to conduct cross-site scripting (XSS) attacks by placing a crafted by...
Php Php 4.3.4
Php Php 4.3.3
Php Php 4.2.3
Php Php 4.2.2
Php Php 5.0
Php Php 4.4.2
Php Php 4.4.3
Php Php 5.0.0
Php Php 2.0b10
Php Php 4.4.8
Php Php 2.0
Php Php 3.0.10
Php Php 3.0.13
Php Php 3.0.3
Php Php 3.0.15
Php Php 3.0.7
Php Php 3.0.8
Php Php 4.0
Php Php 4.3.2
Php Php 4.3.11
Php Php 4.2.1
Php Php 4.4.7
2 EDB exploits
10
CVSSv2
CVE-2009-4143
PHP prior to 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
Php Php 4.3.11
Php Php 4.3.4
Php Php 4.2.3
Php Php 4.2.2
Php Php 5.0
Php Php 4.4.1
Php Php 4.4.2
Php Php 5.0.0
Php Php 2.0b10
Php Php 2.0
Php Php 3.0.10
Php Php 3.0.13
Php Php 3.0.15
Php Php 3.0.14
Php Php 3.0.7
Php Php 3.0.8
Php Php 4.0
Php Php 4.0.7
Php Php 5.1.2
Php Php 5.1.3
Php Php 5.2.2
Php Php 5.2.3
6.4
CVSSv2
CVE-2009-2626
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and previous versions versions allows context-specific malicious users to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then usin...
Php Php 4.3.6
Php Php 4.3.5
Php Php 4.3.0
Php Php 5.0.0
Php Php 4.3.7
Php Php 4.4.4
Php Php 5.1.0
Php Php 5.0.2
Php Php 4.2
Php Php 4.4.9
Php Php 3.0.12
Php Php 3.0.1
Php Php 3.0.14
Php Php 3.0.17
Php Php 3.0.5
Php Php 3.0.6
Php Php 4.0
Php Php 4.0.2
Php Php 4.0.1
Php Php 4.1.2
Php Php 4.0.7
Php Php 5.2.8
3 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »