Php Exploits
1,334 exploits tracked across all sources.
WS Interactive Automne 4.1 - '/admin/upload-controler.php' Arbitrary File Upload
by AutoSec Tools
PHP <5.3.6 - Memory Corruption
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function.
by dovbysh
PHP <5.3.6 - Memory Corruption
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function.
by dovbysh
WordPress Plugin PHP Speedy 0.5.2 - 'admin_container.php' Remote Code Execution
by mr_me
WordPress Plugin Recip.ly 1.1.7 - 'uploadImage.php' Arbitrary File Upload
by AutoSec Tools
libxml2 2.6.x - 'XMLWriter::writeAttribute()' Memory Leak Information Disclosure
by Kees Cook
Php - Numeric Error
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.
by Rick Regan
TYPO3 <4.2.16, 4.3.9, 4.4.5 - Path Traversal
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.
by ikki
Typo3 < 4.2.15 - Access Control
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.
by ikki
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5099. Reason: This candidate is a duplicate of CVE-2010-5099. Notes: All CVE users should reference CVE-2010-5099 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
by ikki
Microsoft Windows Fax Services Cover Page Editor <5.2 r2 - RCE
Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
by rgod
OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass / SQL Injection / Persistent Cross-Site Scripting on FrontPage
by Michael Brooks
Joomla! Component com_mtree 2.1.6 - Overwrite Cross-Site Request Forgery
by jdc
E-Xoopport 3.1 - 'display.php?katid' SQL Injection
by Vis Intelligendi
IBM Omnifind - Resource Management Error
IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents.
by Fatih Kilic
Scottmac Libmbfl - Improper Input Validation
The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).
by Mateusz Kocielski
By Source