Andrew Kramer

2 exploits Active since Jan 2016
CVE-2016-4071 EXPLOITDB CRITICAL php WORKING POC
PHP < 5.5.34, 5.6.x < 5.6.20, 7.x < 7.0.5 - Remote Code Execution via SNMP::get Format String Specifiers
Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.
CVSS 9.8
CVE-2015-8617 EXPLOITDB CRITICAL text WORKING POC
PHP 7.x < 7.0.1 - Remote Code Execution via Format String Specifiers in Class Name
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.
CVSS 9.8