Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 4.3.6 vulnerabilities and exploits
(subscribe to this query)
505
VMScore
CVE-2004-1020
The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote malicious users to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected b...
Php Php 4.3.9
Php Php 5.0
Php Php 4.3.6
Php Php 5.0.1
Php Php 4.3.7
Php Php 5.0.2
Php Php 5.0.0
Php Php 4.3.8
1 EDB exploit
668
VMScore
CVE-2005-1042
Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP prior to 4.3.11 may allow remote malicious users to execute arbitrary code via an IFD tag that leads to a negative byte count.
Php Php 4.3.9
Php Php 4.3.4
Php Php 4.3.0
Php Php 4.3.6
Php Php 4.3.7
Php Php 4.3.2
Php Php 4.3.3
Php Php 4.3.1
Php Php 4.3.10
Php Php 4.3.8
Php Php 4.3.5
325
VMScore
CVE-2006-1014
Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent malicious users to read and create arbitrary files by pr...
Php Php 4.3.9
Php Php 5.0.0
Php Php 4.3.4
Php Php 5.0
Php Php 5.0.5
Php Php 4.3.6
Php Php 5.0.1
Php Php 4.3.7
Php Php 5.0.4
Php Php 4.3.11
Php Php 4.0.0
Php Php 4.3.3
Php Php 5.0.3
Php Php 5.1.0
Php Php 4.4.0
Php Php 4.3.10
Php Php 5.0.2
Php Php 4.2
Php Php 4.4.1
Php Php 4.3.8
Php Php 4.3.5
1 EDB exploit
540
VMScore
CVE-2005-3353
The exif_read_data function in the Exif module in PHP prior to 4.4.1 allows remote malicious users to cause a denial of service (infinite loop) via a malformed JPEG image.
Php Php 4.3.9
Php Php 4.2.0
Php Php 4.1.0
Php Php 4.3.4
Php Php 4.0.4
Php Php 4.3.0
Php Php 4.0.5
Php Php 4.3.6
Php Php 4.3.7
Php Php 4.2.2
Php Php 4.3.2
Php Php 4.3.11
Php Php 4.0.0
Php Php 4.0.2
Php Php 4.3.3
Php Php 4.1.1
Php Php 4.2.3
Php Php 4.0.6
Php Php 4.1.2
Php Php 4.3.1
Php Php 4.4.0
Php Php 4.3.10
231
VMScore
CVE-2007-2727
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP prior to 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-depen...
Php Php 4.3.9
Php Php 4.2.0
Php Php 4.1.0
Php Php 4.3.4
Php Php 4.0.4
Php Php 4.3.0
Php Php 4.0.5
Php Php 4.3.6
Php Php 4.0.7
Php Php 4.3.7
Php Php 4.2.2
Php Php 4.3.2
Php Php 4.3.11
Php Php 4.0.3
Php Php 4.0.2
Php Php 4.3.3
Php Php 4.1.1
Php Php 4.2.3
Php Php 4.0.1
Php Php 4.0.6
Php Php 4.1.2
Php Php 4.3.1
445
VMScore
CVE-2005-3883
CRLF injection vulnerability in the mb_send_mail function in PHP prior to 5.1.0 might allow remote malicious users to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
Php Php 4.3.9
Php Php 4.2.0
Php Php 4.1.0
Php Php 4.3.4
Php Php 4.3.0
Php Php 5.0
Php Php 5.0.5
Php Php 4.3.6
Php Php 5.0.1
Php Php 4.0.7
Php Php 4.3.7
Php Php 5.0.4
Php Php 4.2.2
Php Php 4.3.2
Php Php 4.3.11
Php Php 4.3.3
Php Php 4.1.1
Php Php 5.0.3
Php Php 4.2.3
Php Php 4.0.6
Php Php 4.1.2
Php Php 4.3.1
187
VMScore
CVE-2006-2660
Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x prior to 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from be...
Php Php 4.3.9
Php Php 4.2.0
Php Php 4.1.0
Php Php 4.3.4
Php Php 4.0.4
Php Php 4.3.0
Php Php 4.0.5
Php Php 4.3.6
Php Php 5.1.4
Php Php 4.3.7
Php Php 4.2.2
Php Php 4.4.2
Php Php 4.3.2
Php Php 4.3.11
Php Php 4.0.0
Php Php 4.0.2
Php Php 4.3.3
Php Php 4.1.1
Php Php 4.4.3
Php Php 4.2.3
Php Php 4.1.2
Php Php 4.3.1
935
VMScore
CVE-2004-2692
The exec_dir PHP patch (php-exec-dir) 4.3.2 up to and including 4.3.7 with safe mode disabled allows remote malicious users to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.
Kyberdigi Labs Php-exec-dir 4.3.7
Kyberdigi Labs Php-exec-dir 4.3.3
Kyberdigi Labs Php-exec-dir 4.3.4
Kyberdigi Labs Php-exec-dir 4.3.5
Kyberdigi Labs Php-exec-dir 4.3.6
Kyberdigi Labs Php-exec-dir 4.3.2
1 EDB exploit
231
VMScore
CVE-2006-0208
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote malicious users to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting...
Php Php 4.3.9
Php Php 4.0
Php Php 4.2.0
Php Php 5.1.1
Php Php 5.0.0
Php Php 4.1.0
Php Php 4.3.4
Php Php 4.0.4
Php Php 4.3.0
Php Php 4.0.5
Php Php 5.0.5
Php Php 4.3.6
Php Php 5.0.1
Php Php 4.3.7
Php Php 5.0.4
Php Php 4.2.2
Php Php 4.4.2
Php Php 4.3.2
Php Php 4.3.11
Php Php 4.0.0
Php Php 4.0.2
Php Php 4.3.3
250
VMScore
CVE-2005-3319
The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x prior to 5.1.0 final and 4.4 prior to 4.4.1 final allows malicious users to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
Php Php 4.3.9
Php Php 4.2.0
Php Php 4.1.0
Php Php 4.3.4
Php Php 4.0.4
Php Php 4.3.0
Php Php 4.0.5
Php Php 5.0
Php Php 5.0.5
Php Php 4.3.6
Php Php 5.0.1
Php Php 4.0.7
Php Php 4.3.7
Php Php 5.0.4
Php Php 4.2.2
Php Php 4.3.2
Php Php 4.3.11
Php Php 4.0.0
Php Php 4.0.3
Php Php 4.0.2
Php Php 4.3.3
Php Php 4.1.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »