Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hardened-php project vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-3205
The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote malicious users to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this...
Hardened-php Project Hardened-php
Hardened-php Project Subhosin
Php Php
NA
CVE-2004-1227
Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and previous versions allows remote malicious users to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4)...
Sugarcrm Sugar Sales
1 EDB exploit
NA
CVE-2003-0536
Directory traversal vulnerability in phpSysInfo 2.1 and previous versions allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.
Phpsysinfo Phpsysinfo 2.0
Phpsysinfo Phpsysinfo 2.1
1 EDB exploit
NA
CVE-2005-3347
Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and previous versions, as used in phpgroupware 0.9.16 and previous versions, and egrouwpware prior to 1.0.0.009, allow remote malicious users to include arbitrary files via .. (dot dot) sequences in the (...
Phpgroupware Phpgroupware 0.9.16
NA
CVE-2005-3348
HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and previous versions, as used in phpgroupware 0.9.16 and previous versions, and egroupware prior to 1.0.0.009, allows remote malicious users to spoof web content and poison web caches via CRLF sequences in the ...
Phpsysinfo Phpsysinfo 2.3
Phpsysinfo Phpsysinfo 2.4
Phpsysinfo Phpsysinfo 2.0
Phpsysinfo Phpsysinfo 2.1
NA
CVE-2005-0870
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote malicious users to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_pick...
Phpsysinfo Phpsysinfo 2.3
2 EDB exploits
NA
CVE-2005-2498
Eval injection vulnerability in PHPXMLRPC 1.1.1 and previous versions (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote malicious users to execute arbitrary PHP code via certain nested XML t...
Gggeek Phpxmlrpc
Debian Debian Linux 3.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started