Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 4.3.3 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2006-4023
The ip2long function in PHP 5.1.4 and previous versions may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote malicious users to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X...
Php Php 4.3.3
Php Php 5.0.2
Php Php 5.1.4
7.5
CVSSv2
CVE-2005-1042
Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP prior to 4.3.11 may allow remote malicious users to execute arbitrary code via an IFD tag that leads to a negative byte count.
Php Php 4.3.0
Php Php 4.3.1
Php Php 4.3.2
Php Php 4.3.3
Php Php 4.3.4
Php Php 4.3.5
Php Php 4.3.6
Php Php 4.3.7
Php Php 4.3.8
Php Php 4.3.9
Php Php 4.3.10
3.2
CVSSv2
CVE-2006-1014
Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent malicious users to read and create arbitrary files by pr...
Php Php 4.0.0
Php Php 4.2
Php Php 4.3.3
Php Php 4.3.4
Php Php 4.3.5
Php Php 4.3.6
Php Php 4.3.7
Php Php 4.3.8
Php Php 4.3.9
Php Php 4.3.10
Php Php 4.3.11
Php Php 4.4.0
1 EDB exploit
9.3
CVSSv2
CVE-2004-2692
The exec_dir PHP patch (php-exec-dir) 4.3.2 up to and including 4.3.7 with safe mode disabled allows remote malicious users to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.
Kyberdigi Labs Php-exec-dir 4.3.2
Kyberdigi Labs Php-exec-dir 4.3.3
Kyberdigi Labs Php-exec-dir 4.3.4
Kyberdigi Labs Php-exec-dir 4.3.5
Kyberdigi Labs Php-exec-dir 4.3.6
Kyberdigi Labs Php-exec-dir 4.3.7
1 EDB exploit
2.6
CVSSv2
CVE-2007-2727
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP prior to 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-depen...
Php Php
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.0.7
Php Php 4.1.0
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.2.0
5
CVSSv2
CVE-2005-3353
The exif_read_data function in the Exif module in PHP prior to 4.4.1 allows remote malicious users to cause a denial of service (infinite loop) via a malformed JPEG image.
Php Php 4.0.0
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.1.0
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.2.0
Php Php 4.2.1
2.1
CVSSv2
CVE-2006-2660
Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x prior to 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from be...
Php Php 4.0.0
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.1.0
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.2.0
Php Php 4.2.1
Php Php 4.2.2
5
CVSSv2
CVE-2005-3883
CRLF injection vulnerability in the mb_send_mail function in PHP prior to 5.1.0 might allow remote malicious users to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
Php Php 4.0.6
Php Php 4.0.7
Php Php 4.1.0
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.2
Php Php 4.2.0
Php Php 4.2.1
Php Php 4.2.2
Php Php 4.2.3
Php Php 4.3.0
Php Php 4.3.1
4.3
CVSSv2
CVE-2005-3388
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote malicious users to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."
Php Php 4.0.0
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.0.7
Php Php 4.1.0
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.2
1 EDB exploit
5
CVSSv2
CVE-2005-3389
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote malicious users to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set...
Php Php 4.0.0
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.0.7
Php Php 4.1.0
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.2
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
desktop browser
urbancode velocity
CVE-2024-57932
CVE-2025-21655
CVE-2024-12084
CVE-2023-34960
unauthorized
CSRF
CVE-2024-57913
privilege
CVE-2025-21649
itsourcecode
cp-xr-de21-s router
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »