Php Exploits
1,332 exploits tracked across all sources.
PHP 5.3.10 - 'spl_autoload_call()' Local Denial of Service
by Yakir Wizman
PHP 5.4.3 - wddx_serialize_* / stream_bucket_* Variant Object Null Ptr Dereference
by condis
PHP < 5.4.3 - Remote Code Execution via COM Object VARIANT Type Handling
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
by 0in
Adobe Photoshop CS5 12.x-12.0.4 and CS5.1 12.1.x-12.1.0 - Remote Code Execution via U3D Library Collada Asset Element
Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada asset element in a DAE file, as demonstrated by the cameraYFov value in the contributor comments element.
by rgod
OpenConf < 4.12 - SQL Injection via Author Edit PID Parameter
SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by EgiX
MySQLDumper 1.24.4 - 'menu.php' PHP Remote Code Execution
by AkaStep
WebCalendar < 1.2.5 - Remote Code Execution via form_single_user_login Parameter
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
by EgiX
CVSS 9.8
WebCalendar < 1.2.5 - Local File Inclusion
Local file inclusion in WebCalendar before 1.2.5.
by EgiX
CVSS 8.8
NetworX CMS - Cross-Site Request Forgery (Add Admin)
by N3t.Crack3r
PHP 5.3.9 - Remote Code Execution via Large Number of Variables
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
by Stefan Esser
Kish Guest Posting Plugin < 1.2 - Unauthenticated Arbitrary File Upload via uploadify.php
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.
by EgiX
Kish Guest Posting plugin 1.2 - RCE
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125.
by EgiX
appRain CMF <= 0.1.5 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
by EgiX
WordPress Plugin Evarisk - 'uploadPhotoApres.php' Arbitrary File Upload
by Sammy FORGIT
mod_simplefileupload < 1.3.5 - Remote Code Execution via Incomplete Blacklist Bypass
Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012.
by gmda
By Source