Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 4.2.1 vulnerabilities and exploits
(subscribe to this query)
490
VMScore
CVE-2020-12469
admin/blocks.php in Subrion CMS up to and including 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.
Intelliants Subrion
668
VMScore
CVE-2019-19919
Versions of handlebars before 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an malicious user to execute arbitrary code through crafted payloads.
Handlebars.js Project Handlebars.js 1.0.6
Handlebars.js Project Handlebars.js 1.0.7
Handlebars.js Project Handlebars.js 1.0.8
Handlebars.js Project Handlebars.js 1.0.9
Handlebars.js Project Handlebars.js 1.0.10
Handlebars.js Project Handlebars.js 1.0.11
Handlebars.js Project Handlebars.js 1.0.12
Handlebars.js Project Handlebars.js 1.1.0
Handlebars.js Project Handlebars.js 1.1.1
Handlebars.js Project Handlebars.js 1.1.2
Handlebars.js Project Handlebars.js 1.2.0
Handlebars.js Project Handlebars.js 1.2.1
Handlebars.js Project Handlebars.js 1.3.0
Handlebars.js Project Handlebars.js 2.0.0
Handlebars.js Project Handlebars.js 3.0.0
Handlebars.js Project Handlebars.js 3.0.1
Handlebars.js Project Handlebars.js 3.0.2
Handlebars.js Project Handlebars.js 3.0.3
Handlebars.js Project Handlebars.js 4.0.0
Handlebars.js Project Handlebars.js 4.0.1
Handlebars.js Project Handlebars.js 4.0.2
Handlebars.js Project Handlebars.js 4.0.3
445
VMScore
CVE-2018-19789
An issue exists in Symfony 2.7.x prior to 2.7.50, 2.8.x prior to 2.8.49, 3.x prior to 3.4.20, 4.0.x prior to 4.0.15, 4.1.x prior to 4.1.9, and 4.2.x prior to 4.2.1. When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that's t...
Sensiolabs Symfony
Debian Debian Linux 8.0
516
VMScore
CVE-2018-19790
An open redirect exists in Symfony 2.7.x prior to 2.7.50, 2.8.x prior to 2.8.49, 3.x prior to 3.4.20, 4.0.x prior to 4.0.15, 4.1.x prior to 4.1.9 and 4.2.x prior to 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redi...
Sensiolabs Symfony
Fedoraproject Fedora 28
Debian Debian Linux 8.0
580
VMScore
CVE-2018-19422
/panel/uploads in Subrion CMS 4.2.1 allows remote malicious users to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
Intelliants Subrion Cms 4.2.1
2 Github repositories
580
VMScore
CVE-2017-10993
Contao prior to 3.5.28 and 4.x prior to 4.4.1 allows remote malicious users to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
Contao Contao Cms 4.3.1
Contao Contao Cms 4.3.2
Contao Contao Cms 4.3.3
Contao Contao Cms 4.3.5
Contao Contao Cms 4.2.0
Contao Contao Cms 4.1.1
Contao Contao Cms
Contao Contao Cms 4.3.10
Contao Contao Cms 4.3.11
Contao Contao Cms 4.3.0
Contao Contao Cms 4.1.0
Contao Contao Cms 4.0.1
Contao Contao Cms 4.0.2
Contao Contao Cms 4.0.3
Contao Contao Cms 4.4.0
Contao Contao Cms 4.3.6
Contao Contao Cms 4.3.8
Contao Contao Cms 4.2.2
Contao Contao Cms 4.2.4
Contao Contao Cms 4.1.3
Contao Contao Cms 4.0.4
Contao Contao Cms 4.0.0
605
VMScore
CVE-2014-9037
WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 might allow remote malicious users to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
Mageia Project Mageia 4
Mageia Project Mageia 3
Wordpress Wordpress 3.8
Wordpress Wordpress 3.9
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.8.4
Wordpress Wordpress
Wordpress Wordpress 3.9.1
Wordpress Wordpress 4.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
445
VMScore
CVE-2013-4635
Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP prior to 5.3.26 and 5.4.x prior to 5.4.16 allows context-dependent malicious users to cause a denial of service (application hang) via a large argument to the jdtojewish function.
Php Php 5.3.20
Php Php 5.3.19
Php Php 5.3.8
Php Php 5.3.11
Php Php 5.3.5
Php Php 5.3.9
Php Php 5.2.12
Php Php 5.2.10
Php Php 5.2.13
Php Php 5.2.4
Php Php 5.2.3
Php Php 5.1.1
Php Php 5.1.0
Php Php 5.0.0
Php Php 4.3.10
Php Php 4.3.5
Php Php 4.2.1
Php Php 4.4.7
Php Php 4.3.0
Php Php 4.4.3
Php Php 4.4.4
Php Php 4.0
445
VMScore
CVE-2013-2110
Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP prior to 5.3.26 and 5.4.x prior to 5.4.16 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ar...
Php Php 5.3.20
Php Php 5.3.12
Php Php 5.3.8
Php Php 5.3.5
Php Php 5.3.9
Php Php 5.2.12
Php Php 5.2.10
Php Php 5.2.6
Php Php 5.2.4
Php Php 5.1.1
Php Php 5.1.0
Php Php 5.0.0
Php Php 4.3.5
Php Php 4.2.1
Php Php 4.4.6
Php Php 4.4.7
Php Php 4.4.2
Php Php 4.4.3
Php Php 4.0
Php Php 4.0.6
Php Php 4.1.0
Php Php 4.0.7
668
VMScore
CVE-2013-1635
ext/soap/soap.c in PHP prior to 5.3.22 and 5.4.x prior to 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote malicious users to bypass intended access restrictions by triggering the creation of c...
Php Php 4.3.9
Php Php 4.4.9
Php Php 3.0
Php Php
Php Php 5.2.9
Php Php 4.0
Php Php 3.0.5
Php Php 3.0.11
Php Php 5.3.10
Php Php 5.1.5
Php Php 5.3.6
Php Php 5.3.9
Php Php 5.1.2
Php Php 5.3.1
Php Php 4.2.0
Php Php 5.1.1
Php Php 3.0.1
Php Php 5.3.18
Php Php 5.2.14
Php Php 3.0.2
Php Php 4.4.4
Php Php 5.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »