Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2007-1582
The resource system in PHP 4.0.0 up to and including 4.4.6 and 5.0.0 up to and including 5.2.1 allows context-dependent malicious users to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error ...
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.0.7
Php Php 4.0
Php Php 4.2.3
Php Php 4.2
Php Php 4.3.4
Php Php 4.3.5
Php Php 4.4.2
Php Php 4.4.3
Php Php 5.0.0
Php Php 5.0.5
Php Php 5.0
Php Php 5.1.3
Php Php 5.1.4
Php Php 5.1.5
Php Php 4.0.0
Php Php 4.0.4
Php Php 4.1.2
Php Php 4.2.0
Php Php 4.3.10
Php Php 4.3.11
1 EDB exploit
5.1
CVSSv2
CVE-2008-4107
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows malicious users to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset funct...
Php Php 4.4.7
Php Php 4.3.9
Php Php 4.3.8
Php Php 4.3.11
Php Php 4.3.10
Php Php 4.2.1
Php Php 4.0
Php Php 4.0.4
Php Php 4.0.3
Php Php 4.4.6
Php Php 4.4.5
Php Php 4.3.7
Php Php 4.3.6
Php Php 4.3.1
Php Php 4.3.0
Php Php 4.1.0
Php Php 4.1.2
Php Php 4.0.7
Php Php 4.0.2
Php Php 4.0.1
Php Php 4.4.1
Php Php 4.4.0
6.8
CVSSv2
CVE-2007-1001
Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 up to and including 4.4.6 and 5.0.0 up to and including 5.2.1 allow context-dependent malicious users to execute arbitrary code via Wireless Bitmap (WBMP) ...
Php Php 4.0.0
Php Php 4.0.1
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.0
Php Php 4.2.0
Php Php 4.2.1
Php Php 4.2.2
Php Php 4.3.2
Php Php 4.3.3
Php Php 4.4.0
Php Php 4.4.1
Php Php 5.0.0
Php Php 5.0.3
Php Php 5.0.4
Php Php 5.1.1
Php Php 5.1.2
Php Php 4.0.4
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.3.10
Php Php 4.3.11
1 EDB exploit
5
CVSSv2
CVE-2007-1717
The mail function in PHP 4.0.0 up to and including 4.4.6 and 5.0.0 up to and including 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent malicious users to prevent intended information from being delivered in e-mail mes...
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.0.3
Php Php 4.0.7
Php Php 4.0
Php Php 4.2
Php Php 4.3.0
Php Php 4.3.5
Php Php 4.0.0
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.1.2
Php Php 4.2.0
Php Php 4.3.11
Php Php 4.3.2
Php Php 4.3.9
Php Php 4.4.0
Php Php 5.0.0
Php Php 5.0.2
Php Php 5.0.3
Php Php 5.1.1
Php Php 4.1.0
1 EDB exploit
5
CVSSv2
CVE-2009-3557
The tempnam function in ext/standard/file.c in PHP prior to 5.2.12 and 5.3.x prior to 5.3.1 allows context-dependent malicious users to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.
Php Php 3.0.11
Php Php 3.0.12
Php Php 3.0.2
Php Php 3.0.3
Php Php 4.0
Php Php 4.0.0
Php Php 4.2.0
Php Php 4.3.1
Php Php 5.0.0
Php Php 5.0.3
Php Php 4.4.9
Php Php 5.2.10
Php Php 2.0
Php Php 2.0b10
Php Php 3.0
Php Php 3.0.15
Php Php 1.0
Php Php 3.0.13
Php Php 3.0.14
Php Php 3.0.4
Php Php 3.0.5
Php Php 4.0.1
4.3
CVSSv2
CVE-2015-8838
ext/mysqlnd/mysqlnd.c in PHP prior to 5.4.43, 5.5.x prior to 5.5.27, and 5.6.x prior to 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle malicious users to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152...
Php Php 5.5.0
Php Php 5.5.19
Php Php 5.5.25
Php Php 5.5.16
Php Php 5.5.1
Php Php 5.5.5
Php Php 5.5.21
Php Php 5.5.17
Php Php 5.5.14
Php Php 5.5.7
Php Php 5.5.12
Php Php 5.5.6
Php Php 5.5.3
Php Php 5.5.23
Php Php 5.5.8
Php Php 5.5.24
Php Php 5.5.15
Php Php 5.5.11
Php Php 5.5.13
Php Php 5.5.4
Php Php 5.5.26
Php Php 5.5.10
9.3
CVSSv2
CVE-2006-3017
zend_hash_del_key_or_index in zend_hash.c in PHP prior to 4.4.3 and 5.x prior to 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be use...
Php Php 3.0.13
Php Php 3.0.14
Php Php 3.0.5
Php Php 3.0.6
Php Php 4.0.1
Php Php 4.0.6
Php Php 4.0.7
Php Php 4.0
Php Php 4.2.2
Php Php 4.2.3
Php Php 4.3.3
Php Php 4.3.4
Php Php 5.0.0
Php Php 5.0.1
Php Php 5.0.2
Php Php 5.1.0
Php Php 3.0
Php Php 3.0.15
Php Php 3.0.16
Php Php 3.0.7
Php Php 3.0.8
Php Php 4.0.2
7.5
CVSSv2
CVE-2007-0909
Multiple format string vulnerabilities in PHP prior to 5.2.1 might allow malicious users to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.
Php Php 3.0.1
Php Php 3.0.10
Php Php 3.0.17
Php Php 3.0.18
Php Php 3.0.9
Php Php 4.0
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.3.10
Php Php 4.3.11
Php Php 4.3.8
Php Php 4.3.9
Php Php 5.0.1
Php Php 5.0.2
Php Php 5.1.1
Php Php 5.1.2
Php Php 3.0.11
Php Php 3.0.12
Php Php 3.0.2
Php Php 3.0.3
6.4
CVSSv2
CVE-2011-2202
The rfc1867_post_handler function in main/rfc1867.c in PHP prior to 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote malicious users to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, v...
Php Php 5.3.0
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.0
Php Php 4.1.0
Php Php 4.2.2
Php Php 4.2.3
Php Php 4.3.3
Php Php 4.3.4
Php Php 4.4.1
Php Php 4.4.2
Php Php 3.0.11
Php Php 3.0.10
Php Php 3.0.4
Php Php 3.0.3
Php Php 3.0.8
Php Php 3.0.5
Php Php
Php Php 4.0.0
Php Php 4.0.1
Php Php 4.2.0
Php Php 4.3.1
1 EDB exploit
7.5
CVSSv2
CVE-2011-1148
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and previous versions allows context-dependent malicious users to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.
Php Php 5.3.0
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.0
Php Php 4.1.0
Php Php 4.2.2
Php Php 4.2.3
Php Php 4.3.2
Php Php 4.3.3
Php Php 4.4.1
Php Php 4.4.2
Php Php 4.4.9
Php Php 3.0.11
Php Php 3.0.18
Php Php 3.0.4
Php Php 3.0.8
Php Php 3.0.5
Php Php 5.3.5
Php Php
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.2.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »