Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 4 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2004-0958
php_variables.c in PHP prior to 5.0.2 allows remote malicious users to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.
Php Php
1 EDB exploit
10
CVSSv2
CVE-2007-1383
Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent malicious users to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.
Php Php 4.0
1 EDB exploit
7.5
CVSSv2
CVE-2007-1413
Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and previous versions, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent malicious users to execute arbitrary code via a long value in the third argument (object id).
Php Php 4.4.6
Php Php
3 EDB exploits
7.5
CVSSv2
CVE-2007-5424
The disable_functions feature in PHP 4 and 5 allows malicious users to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.
Php Php 4.0
Php Php 5.0.0
4.3
CVSSv2
CVE-2001-1524
Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext pa...
Francisco Burzi Php-nuke 3.0
Francisco Burzi Php-nuke 5.0
Francisco Burzi Php-nuke 5.1
Francisco Burzi Php-nuke 5.2a
Francisco Burzi Php-nuke 5.3.1
Francisco Burzi Php-nuke 4.0
Francisco Burzi Php-nuke 4.3
Francisco Burzi Php-nuke 4.4
Francisco Burzi Php-nuke 4.4.1a
Francisco Burzi Php-nuke 5.0.1
Francisco Burzi Php-nuke 5.2
2 EDB exploits
10
CVSSv2
CVE-2000-0967
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote malicious users to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
Php Php 3.0
Php Php 4.0
2 EDB exploits
3.3
CVSSv2
CVE-2011-1144
The installer in PEAR 1.9.2 and previous versions allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists be...
Php Pear 1.0
Php Pear 1.0.1
Php Pear 1.2
Php Pear 1.3.4
Php Pear 1.3.3.1
Php Pear 1.3
Php Pear 1.4.0
Php Pear 1.9.1
Php Pear 1.6.1
Php Pear 1.5.1
Php Pear 1.3.6
Php Pear 1.3.5
Php Pear
Php Pear 0.2.2
Php Pear 0.9
Php Pear 0.90
Php Pear 1.2.1
Php Pear 1.3.3
Php Pear 1.3.1
Php Pear 1.4.1
Php Pear 1.5.0
Php Pear 0.10
4.3
CVSSv2
CVE-2002-1954
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote malicious users to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.
Php Php 4.2.3
1 EDB exploit
4.3
CVSSv2
CVE-2006-6824
Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, ...
Php Icalendar Php Icalendar
Php Icalendar Php Icalendar 1.1
Php Icalendar Php Icalendar 2.2 Beta
Php Icalendar Php Icalendar 2.22
Php Icalendar Php Icalendar 2.24
8 EDB exploits
4.3
CVSSv2
CVE-2013-1804
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion prior to 7.02.06 allow remote malicious users to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permissions to inject arbitra...
Php-fusion Php-fusion 7.02.04
Php-fusion Php-fusion 7.02.02
Php-fusion Php-fusion
Php-fusion Php-fusion 7.02.01
Php-fusion Php-fusion 7.02.03
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »