Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 3.0.10 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-1643
The SOAP parser in PHP prior to 5.3.23 and 5.4.x prior to 5.4.13 allows remote malicious users to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the ...
Php Php 4.3.9
Php Php 4.4.9
Php Php 3.0
Php Php
Php Php 5.2.9
Php Php 4.0
Php Php 3.0.5
Php Php 3.0.11
Php Php 5.3.10
Php Php 5.1.5
Php Php 5.3.6
Php Php 5.3.9
Php Php 5.1.2
Php Php 5.3.1
Php Php 4.2.0
Php Php 5.1.1
Php Php 3.0.1
Php Php 5.3.18
Php Php 5.2.14
Php Php 3.0.2
Php Php 4.4.4
Php Php 5.0.0
8.8
CVSSv3
CVE-2016-4876
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and previous versions allows remote malicious users to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors.
Basercms Basercms 3.0.10
NA
CVE-2013-4557
The Security Screen (_core_/securite/ecran_securite.php) prior to 1.1.8 for SPIP, as used in SPIP 3.0.x prior to 3.0.12, allows remote malicious users to execute arbitrary PHP via the connect parameter.
Spip Spip 3.0.0
Spip Spip 3.0.1
Spip Spip 3.0.8
Spip Spip 3.0.9
Spip Spip 3.0.4
Spip Spip 3.0.5
Spip Spip 3.0.2
Spip Spip 3.0.3
Spip Spip 3.0.10
Spip Spip 3.0.11
Spip Spip 3.0.6
Spip Spip 3.0.7
9.8
CVSSv3
CVE-2016-3154
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x prior to 2.1.19, 3.0.x prior to 3.0.22, and 3.1.x prior to 3.1.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
Spip Spip 3.0.1
Spip Spip 3.0.0
Spip Spip 3.0.9
Spip Spip 3.0.8
Spip Spip 2.1.7
Spip Spip 2.1.6
Spip Spip 2.1.5
Spip Spip 2.1.4
Spip Spip 2.0.9
Spip Spip 2.0.8
Spip Spip 2.0.7
Spip Spip 2.0.6
Spip Spip 2.0.14
Spip Spip 2.0.13
Spip Spip 2.0.12
Spip Spip 2.0.11
Spip Spip 3.1.0
Spip Spip 3.0.14
Spip Spip 3.0.15
Spip Spip 3.0.16
Spip Spip 3.0.17
Spip Spip 2.1.17
9.8
CVSSv3
CVE-2016-3153
SPIP 2.x prior to 2.1.19, 3.0.x prior to 3.0.22, and 3.1.x prior to 3.1.1 allows remote malicious users to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Spip Spip 3.0.0
Spip Spip 3.0.9
Spip Spip 3.0.8
Spip Spip 3.0.7
Spip Spip 2.1.6
Spip Spip 2.1.5
Spip Spip 2.1.4
Spip Spip 2.1.3
Spip Spip 2.0.8
Spip Spip 3.1.0
Spip Spip 3.0.20
Spip Spip 3.0.2
Spip Spip 3.0.14
Spip Spip 3.0.15
Spip Spip 3.0.16
Spip Spip 3.0.17
Spip Spip 2.1.15
Spip Spip 2.1.14
Spip Spip 2.1.13
Spip Spip 2.1.12
NA
CVE-2013-4556
Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP prior to 2.1.24 and 3.0.x prior to 3.0.12 allows remote malicious users to inject arbitrary web script or HTML via the url_site parameter.
Spip Spip 3.0.3
Spip Spip 3.0.4
Spip Spip 2.1.21
Spip Spip 2.1.20
Spip Spip 2.1.14
Spip Spip 2.1.13
Spip Spip 2.0.7
Spip Spip 2.0.6
Spip Spip 2.0.19
Spip Spip 2.0.18
Spip Spip 2.0.11
Spip Spip 3.0.0
Spip Spip 3.0.7
Spip Spip 3.0.8
Spip Spip 2.1.18
Spip Spip 2.1.17
Spip Spip 2.1.10
Spip Spip 2.1.1
Spip Spip 2.0.3
Spip Spip 2.0.22
Spip Spip 2.0.15
Spip Spip 2.0.14
NA
CVE-2012-2966
Caucho Quercus, as distributed in Resin prior to 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors.
Caucho Resin 4.0.5
Caucho Resin 4.0.12
Caucho Resin 4.0.11
Caucho Resin 4.0.10
Caucho Resin 4.0.27
Caucho Resin 4.0.13
Caucho Resin 4.0.14
Caucho Resin 4.0.15
Caucho Resin 4.0.16
Caucho Resin 3.1.10
Caucho Resin 3.1.7
Caucho Resin 3.1.8
Caucho Resin 3.0.1
Caucho Resin 3.0.18
Caucho Resin 3.0.19
Caucho Resin 3.1.1
Caucho Resin 3.1.0
Caucho Resin 2.1.8
Caucho Resin 2.1.7
Caucho Resin 2.1.10
Caucho Resin 2.1.9
Caucho Resin 2.1.1
NA
CVE-2012-2967
Caucho Quercus, as distributed in Resin prior to 4.0.29, does not properly implement the == (equals sign equals sign) operator for comparisons, which has unspecified impact and context-dependent attack vectors.
Caucho Resin
Caucho Resin 4.0.8
Caucho Resin 4.0.22
Caucho Resin 4.0.23
Caucho Resin 4.0.24
Caucho Resin 4.0.25
Caucho Resin 3.1.5
Caucho Resin 3.1.6
Caucho Resin 3.0.2
Caucho Resin 3.1.4
Caucho Resin 3.0.11
Caucho Resin 3.0.16
Caucho Resin 3.0.17
Caucho Resin 3.0.14
Caucho Resin 3.0.15
Caucho Resin 2.1.13
Caucho Resin 2.1.snap
Caucho Resin 2.1.11
Caucho Resin 2.1.16
Caucho Resin 2.0.5
Caucho Resin 2.0.0
Caucho Resin 2.0.2
NA
CVE-2012-2968
Directory traversal vulnerability in Caucho Quercus, as distributed in Resin prior to 4.0.29, allows remote malicious users to create files in arbitrary directories via a .. (dot dot) in a pathname within an HTTP request.
Caucho Resin 4.0.4
Caucho Resin 4.0.3
Caucho Resin 4.0.2
Caucho Resin 4.0.1
Caucho Resin 4.0.18
Caucho Resin 4.0.19
Caucho Resin 4.0.20
Caucho Resin 3.1.13
Caucho Resin 3.0.6
Caucho Resin 3.0.7
Caucho Resin 3.0.12
Caucho Resin 3.0.13
Caucho Resin 3.1.2
Caucho Resin 3.0.5
Caucho Resin 3.0.4
Caucho Resin 3.0.3
Caucho Resin 2.1.3
Caucho Resin 2.1.6
Caucho Resin 2.1.5
Caucho Resin 2.0.4
Caucho Resin 2.0.3
Caucho Resin 4.0.11
NA
CVE-2012-2969
Caucho Quercus, as distributed in Resin prior to 4.0.29, allows remote malicious users to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request.
Caucho Resin 4.0.5
Caucho Resin 4.0.12
Caucho Resin 4.0.11
Caucho Resin 4.0.10
Caucho Resin 4.0.13
Caucho Resin 4.0.14
Caucho Resin 4.0.15
Caucho Resin 4.0.16
Caucho Resin 4.0.8
Caucho Resin 4.0.6
Caucho Resin 4.0.9
Caucho Resin 4.0.4
Caucho Resin 4.0.24
Caucho Resin 4.0.26
Caucho Resin 4.0.18
Caucho Resin 4.0.20
Caucho Resin 3.1.6
Caucho Resin 3.1.4
Caucho Resin 3.1.10
Caucho Resin 3.0.9
Caucho Resin 3.0.7
Caucho Resin 3.0.14
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »