Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 3.0.5 vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2001-1011
index2.php in Mambo Site Server 3.0.0 up to and including 3.0.5 allows remote malicious users to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.
Mambo Mambo Site Server 3.0.4
Mambo Mambo Site Server 3.0.5
Mambo Mambo Site Server 3.0.2
Mambo Mambo Site Server 3.0.3
Mambo Mambo Site Server 3.0
Mambo Mambo Site Server 3.0.1
685
VMScore
CVE-2006-5048
Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and previous versions for Joomla! allow remote malicious users to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang...
Waltercedric Com Securityimages
Waltercedric Com Securityimages 2.2.5
Waltercedric Com Securityimages 2.2.6
Waltercedric Com Securityimages 3.00
Waltercedric Com Securityimages 3.0.3
Waltercedric Com Securityimages 3.0.4
1 EDB exploit
755
VMScore
CVE-2004-1515
SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote malicious users to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.
Jelsoft Vbulletin 3.0.0
Jelsoft Vbulletin 3.0.4
Jelsoft Vbulletin 3.0.5
Jelsoft Vbulletin 3.0.0 Beta 2
Jelsoft Vbulletin 3.0.0 Can4
Jelsoft Vbulletin 3.0.6
Jelsoft Vbulletin 3.0 Beta 2
Jelsoft Vbulletin 3.0.0 Rc4
Jelsoft Vbulletin 3.0.1
Jelsoft Vbulletin 3.0.2
Jelsoft Vbulletin 3.0.3
1 EDB exploit
668
VMScore
CVE-2013-4557
The Security Screen (_core_/securite/ecran_securite.php) prior to 1.1.8 for SPIP, as used in SPIP 3.0.x prior to 3.0.12, allows remote malicious users to execute arbitrary PHP via the connect parameter.
Spip Spip 3.0.0
Spip Spip 3.0.1
Spip Spip 3.0.8
Spip Spip 3.0.9
Spip Spip 3.0.4
Spip Spip 3.0.5
Spip Spip 3.0.2
Spip Spip 3.0.3
Spip Spip 3.0.10
Spip Spip 3.0.11
Spip Spip 3.0.6
Spip Spip 3.0.7
668
VMScore
CVE-2016-2403
Symfony prior to 2.8.6 and 3.x prior to 3.0.6 allows remote malicious users to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
Sensiolabs Symfony 2.8.1
Sensiolabs Symfony 2.8.2
Sensiolabs Symfony 2.8.3
Sensiolabs Symfony 3.0.4
Sensiolabs Symfony 3.0.5
Sensiolabs Symfony 2.8.4
Sensiolabs Symfony 2.8.5
Sensiolabs Symfony 3.0.0
Sensiolabs Symfony 3.0.1
Sensiolabs Symfony 2.8.0
Sensiolabs Symfony 3.0.2
Sensiolabs Symfony 3.0.3
801
VMScore
CVE-2020-26596
The Dynamic OOO widget for the Elementor Pro plugin up to and including 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated ...
Elementor Elementor Pro
668
VMScore
CVE-2014-8350
Smarty prior to 3.1.21 allows remote malicious users to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.
Smarty Smarty 3.1.16
Smarty Smarty 3.1.15
Smarty Smarty 3.1.6
Smarty Smarty 3.1.5
Smarty Smarty 3.1.19
Smarty Smarty 3.1.18
Smarty Smarty 3.1.17
Smarty Smarty 3.1.8
Smarty Smarty 3.1.7
Smarty Smarty 3.1.10
Smarty Smarty 3.1.1
Smarty Smarty 3.0.2
Smarty Smarty 3.0.1
Smarty Smarty 3.0.0
Smarty Smarty 2.6.4
Smarty Smarty 2.6.3
Smarty Smarty 2.6.17
Smarty Smarty 2.6.16
Smarty Smarty 2.6.1
Smarty Smarty 2.6.0
Smarty Smarty 2.4.2
Smarty Smarty 2.4.1
668
VMScore
CVE-2016-3154
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x prior to 2.1.19, 3.0.x prior to 3.0.22, and 3.1.x prior to 3.1.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
Spip Spip 3.0.1
Spip Spip 3.0.0
Spip Spip 3.0.9
Spip Spip 3.0.8
Spip Spip 2.1.7
Spip Spip 2.1.6
Spip Spip 2.1.5
Spip Spip 2.1.4
Spip Spip 2.0.9
Spip Spip 2.0.8
Spip Spip 2.0.7
Spip Spip 2.0.6
Spip Spip 2.0.14
Spip Spip 2.0.13
Spip Spip 2.0.12
Spip Spip 2.0.11
Spip Spip 3.1.0
Spip Spip 3.0.14
Spip Spip 3.0.15
Spip Spip 3.0.16
Spip Spip 3.0.17
Spip Spip 2.1.17
668
VMScore
CVE-2016-3153
SPIP 2.x prior to 2.1.19, 3.0.x prior to 3.0.22, and 3.1.x prior to 3.1.1 allows remote malicious users to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Spip Spip 3.0.0
Spip Spip 3.0.9
Spip Spip 3.0.8
Spip Spip 3.0.7
Spip Spip 2.1.6
Spip Spip 2.1.5
Spip Spip 2.1.4
Spip Spip 2.1.3
Spip Spip 2.0.8
Spip Spip 3.1.0
Spip Spip 3.0.20
Spip Spip 3.0.2
Spip Spip 3.0.14
Spip Spip 3.0.15
Spip Spip 3.0.16
Spip Spip 3.0.17
Spip Spip 2.1.15
Spip Spip 2.1.14
Spip Spip 2.1.13
Spip Spip 2.1.12
383
VMScore
CVE-2012-4437
Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) prior to 3.1.12 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception.
Smarty Smarty 2.6.10
Smarty Smarty 2.6.17
Smarty Smarty 2.6.7
Smarty Smarty 3.1.1
Smarty Smarty 2.6.13
Smarty Smarty 2.6.0
Smarty Smarty 2.6.11
Smarty Smarty 1.5.1
Smarty Smarty 2.4.1
Smarty Smarty 2.4.0
Smarty Smarty 2.6.25
Smarty Smarty 1.0
Smarty Smarty 3.1.8
Smarty Smarty 2.6.18
Smarty Smarty 3.0.0
Smarty Smarty 1.4.3
Smarty Smarty 1.4.4
Smarty Smarty 3.0.1
Smarty Smarty 1.1.0
Smarty Smarty 1.2.1
Smarty Smarty 3.1.3
Smarty Smarty 3.1.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »