Php Exploits
1,334 exploits tracked across all sources.
PHP 5.3.10 - 'spl_autoload_call()' Local Denial of Service
by Yakir Wizman
PHP 5.4.3 - wddx_serialize_* / stream_bucket_* Variant Object Null Ptr Dereference
by condis
PHP <5.4.3 - RCE
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
by 0in
Adobe Photoshop Cs5 - Memory Corruption
Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada asset element in a DAE file, as demonstrated by the cameraYFov value in the contributor comments element.
by rgod
OpenConf <4.12 - SQL Injection
SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by EgiX
MySQLDumper 1.24.4 - 'menu.php' PHP Remote Code Execution
by AkaStep
Webcalendar < 1.2.5 - Injection
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
by EgiX
CVSS 9.8
Webcalendar < 1.2.5 - Injection
Local file inclusion in WebCalendar before 1.2.5.
by EgiX
CVSS 8.8
NetworX CMS - Cross-Site Request Forgery (Add Admin)
by N3t.Crack3r
PHP <5.3.9 - RCE
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
by Stefan Esser
Kish Guest Posting <1.2 - RCE
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.
by EgiX
Kish Guest Posting plugin 1.2 - RCE
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125.
by EgiX
Apprain < 0.1.5 - Unrestricted File Upload
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
by EgiX
WordPress Plugin Evarisk - 'uploadPhotoApres.php' Arbitrary File Upload
by Sammy FORGIT
Joomla! mod_simplefileuploadv1.3 <1.3.5 - RCE
Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012.
by gmda
By Source