Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 7.1.1 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-7479
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
Php Php 7.1.0
Php Php 7.0.0
Php Php 7.0.3
Php Php 7.0.4
Php Php 7.0.1
Php Php 7.0.10
Php Php 7.0.5
Php Php 7.0.6
Php Php 7.0.11
Php Php 7.0.12
Php Php 7.0.7
Php Php 7.0.8
Php Php 7.0.14
Php Php 7.0.2
Php Php 7.0.9
9.8
CVSSv3
CVE-2017-5340
Zend/zend_hash.c in PHP prior to 7.0.15 and 7.1.x prior to 7.1.1 mishandles certain cases that require large array allocations, which allows remote malicious users to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of ar...
Php Php
Netapp Clustered Data Ontap -
7.8
CVSSv3
CVE-2017-11628
In PHP prior to 5.6.31, 7.x prior to 7.0.21, and 7.1.x prior to 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications th...
Php Php
Php Php 7.0.11
Php Php 7.0.4
Php Php 7.0.19
Php Php 7.0.3
Php Php 7.0.1
Php Php 7.0.12
Php Php 7.0.13
Php Php 7.0.16
Php Php 7.0.7
Php Php 7.0.14
Php Php 7.0.20
Php Php 7.0.15
Php Php 7.0.18
Php Php 7.0.2
Php Php 7.0.9
Php Php 7.0.8
Php Php 7.0.17
Php Php 7.0.5
Php Php 7.0.10
Php Php 7.0.0
Php Php 7.0.6
7.8
CVSSv3
CVE-2016-10168
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) prior to 2.2.4 allows remote malicious users to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
Libgd Libgd
7.5
CVSSv3
CVE-2017-11142
In PHP prior to 5.6.31, 7.x prior to 7.0.17, and 7.1.x prior to 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.
Php Php 7.0.0
Php Php 7.0.1
Php Php 7.0.8
Php Php 7.0.9
Php Php 7.1.0
Php Php 7.1.1
Php Php 7.0.4
Php Php 7.0.5
Php Php 7.0.12
Php Php 7.0.13
Php Php
Php Php 7.0.6
Php Php 7.0.7
Php Php 7.0.14
Php Php 7.0.15
Php Php 7.0.16
Php Php 7.0.2
Php Php 7.0.3
Php Php 7.0.10
Php Php 7.0.11
Php Php 7.1.2
7.5
CVSSv3
CVE-2017-11144
In PHP prior to 5.6.31, 7.x prior to 7.0.21, and 7.1.x prior to 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative n...
Php Php 7.1.0
Php Php 7.1.6
Php Php 7.0.11
Php Php 7.0.4
Php Php 7.1.3
Php Php 7.1.5
Php Php 7.0.19
Php Php 7.0.3
Php Php 7.0.1
Php Php 7.1.2
Php Php 7.0.12
Php Php 7.0.13
Php Php 7.0.16
Php Php 7.0.7
Php Php 7.0.14
Php Php 7.0.20
Php Php 7.0.15
Php Php
Php Php 7.0.18
Php Php 7.0.2
Php Php 7.0.9
Php Php 7.0.8
6.1
CVSSv3
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and prior to 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuer...
Jquery Jquery
Drupal Drupal
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Weblogic Server 12.1.3.0.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Retail Back Office 14.1
Oracle Retail Back Office 14.0
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Weblogic Server 10.3.6.0.0
Oracle Communications Webrtc Session Controller 7.2
Oracle Weblogic Server 12.2.1.3.0
Oracle Agile Product Lifecycle Management For Process 6.2.0.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Returns Management 14.0
Oracle Retail Returns Management 14.1
Oracle Jdeveloper 12.2.1.3.0
Oracle Policy Automation Connector For Siebel 10.4.6
Oracle Financial Services Market Risk Measurement And Management 8.0.6
13 Github repositories
NA
CVE-2024-3806
CVE-2024-3806-AND-CVE-2024-3807-Poc CVE-2024-3806: Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts CVE-2024-3807: Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta Porto 7.1.0: https://drive.google.com/file/d...
1 Github repository
NA
CVE-2024-3807
CVE-2024-3806-AND-CVE-2024-3807-Poc CVE-2024-3806: Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts CVE-2024-3807: Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta Porto 7.1.0: https://drive.google.com/file/d...
1 Github repository
NA
CVE-2014-0103
WebAccess in Zarafa prior to 7.1.10 and WebApp prior to 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
Fedoraproject Fedora 19
Zarafa Zarafa 7.0.10
Zarafa Zarafa 7.0.12
Zarafa Zarafa 7.0.7
Zarafa Zarafa 7.0.9
Zarafa Webapp
Zarafa Zarafa
Zarafa Zarafa 7.0
Zarafa Zarafa 7.0.1
Zarafa Zarafa 7.1.1
Zarafa Zarafa 7.0.2
Zarafa Zarafa 7.0.3
Zarafa Zarafa 7.0.4
Zarafa Zarafa 7.0.5
Zarafa Zarafa 7.1.2
Zarafa Zarafa 7.1.3
Zarafa Zarafa 7.1.4
Fedoraproject Fedora 20
Zarafa Zarafa 7.0.11
Zarafa Zarafa 7.0.13
Zarafa Zarafa 7.0.6
Zarafa Zarafa 7.0.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started