Adam

8 exploits Active since May 2013
CVE-2013-3735 WRITEUP HIGH WRITEUP
PHP < 5.4.16 RC1 and 5.5.0 < RC2 - Denial of Service via Crafted Function Definition
The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id.
CVSS 7.5
CVE-2012-6696 WRITEUP CRITICAL WRITEUP
inspircd < 2.0.5 - Denial of Service via Unsigned Integer Handling
inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836.
CVSS 9.8
CVE-2012-6697 WRITEUP HIGH WRITEUP
InspIRCd < 2.0.7 - Denial of Service via Infinite Loop
InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop).
CVSS 7.5
CVE-2013-3735 WRITEUP HIGH WRITEUP
PHP < 5.4.16 RC1 and 5.5.0 < RC2 - Denial of Service via Crafted Function Definition
The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id.
CVSS 7.5
CVE-2025-25286 WRITEUP CRITICAL WRITEUP
Islandora Crayfish < 4.1.0 - Remote Code Execution via Homarus Convert Endpoint
Crayfish is a collection of Islandora 8 microservices, one of which, Homarus, provides FFmpeg as a microservice. Prior to Crayfish version 4.1.0, remote code execution may be possible in web-accessible installations of Homarus in certain configurations. The issue has been patched in `islandora/crayfish:4.1.0`. Some workarounds are available. The exploit requires making a request against the Homarus's `/convert` endpoint; therefore, the ability to exploit is much reduced if the microservice is not directly accessible from the Internet, so: Prevent general access from the Internet from hitting Homarus. Alternatively or additionally, configure auth in Crayfish to be more strongly required, such that requests with `Authorization` headers that do not validate are rejected before the problematic CLI interpolation occurs.
CVSS 9.8
CVE-2025-52557 WRITEUP HIGH WRITEUP
Mail-0 Zero 0.8 - Cross-Site Scripting via Crafted Email
Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81.
EIP-2026-109662 EXPLOITDB text WORKING POC
My Click Counter 1.0 - Authentication Bypass
EIP-2026-107252 EXPLOITDB text WORKING POC
Friends in War Make or Break 1.7 - Authentication Bypass