Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 4.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2005-3062
PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote malicious users to execute arbitrary PHP code via the mode parameter.
Alstrasoft E-friends 4.0
7.5
CVSSv2
CVE-2005-2614
Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote malicious users to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php.
Crosscom Olicom Discuz
7.5
CVSSv2
CVE-2005-1629
SQL injection vulnerability in member.php for Photopost PHP Pro allows remote malicious users to execute arbitrary SQL commands via the verifykey parameter.
Photopost Photopost Php Pro 4.0
Photopost Photopost Php Pro 3.1
Photopost Photopost Php Pro 4.1
Photopost Photopost Php Pro 5.0 Rc3
Photopost Photopost Php Pro 3.3
Photopost Photopost Php Pro 4.6
Photopost Photopost Php Pro 4.8.1
Photopost Photopost Php Pro 3.2
1 EDB exploit
7.5
CVSSv2
CVE-2005-0239
viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows remote malicious users to execute arbitrary commands via shell metacharacters in the cert parameter.
Squirrelmail S Mime Plugin 0.5
Squirrelmail S Mime Plugin 0.4
7.5
CVSSv2
CVE-2005-0152
PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote malicious users to execute arbitrary code via "URL manipulation."
Squirrelmail Squirrelmail 1.2.6
7.5
CVSSv2
CVE-2004-1724
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote malicious users to download or view database backups, which have easily guessable filenames and conta...
Php Fusion Php Fusion 4.0
1 EDB exploit
7.5
CVSSv2
CVE-2004-2053
PHP remote file inclusion vulnerability in index.php in EasyIns Stadtportal 4 allows remote malicious users to execute arbitrary PHP code via the site parameter.
Easyins Easyins Stadtportal 4.0
1 EDB exploit
7.5
CVSSv2
CVE-2004-1870
Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and previous versions allow remote malicious users to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat paramet...
Photopost Photopost Php Pro 4.0
Photopost Photopost Php Pro 3.1
Photopost Photopost Php Pro 4.1
Photopost Photopost Php Pro 3.3
Photopost Photopost Php Pro 4.6
Photopost Photopost Php Pro 4.8.1
Photopost Photopost Php Pro 3.2
2 EDB exploits
7.5
CVSSv2
CVE-2003-0166
Integer signedness error in emalloc() function for PHP prior to 4.3.2 allow remote malicious users to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly ...
Php Php 4.2.0
Php Php 4.1.0
Php Php 4.0.4
Php Php 4.3.0
Php Php 4.0.5
Php Php 4.2.2
Php Php 4.0.7
Php Php 4.0.2
Php Php 4.1.1
Php Php 4.2.3
Php Php 4.0
Php Php 4.0.6
Php Php 4.1.2
Php Php 4.3.1
Php Php 4.2.1
Php Php 4.0.1
Php Php 4.0.3
3 EDB exploits
7.5
CVSSv2
CVE-2002-1211
Prometheus 6.0 and previous versions allows remote malicious users to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test_*.php scripts.
Jason Orcutt Prometheus 3.0 Beta
Jason Orcutt Prometheus 4.0 Beta
Jason Orcutt Prometheus 6.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »