PHP Exploits
1,334 exploits tracked across all sources.
SmodCMS 4.07 (fckeditor) - Arbitrary File Upload
by eidelweiss
Camiro-CMS_beta-0.1 - 'FCKeditor' Arbitrary File Upload
by eidelweiss
PHP 6.0 Dev - 'str_transliterate()' Local Buffer Overflow (NX + ASLR Bypass)
by ryujin
Jzip <2.0.0.132900 - Buffer Overflow
Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name in a zip archive.
by mr_me
PHP 6.0 Dev - 'str_transliterate()' Local Buffer Overflow
by Yakir Wizman
Cleanersoft Free Mp3 CD Ripper < 2.6 - Memory Corruption
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.
by mr_me
SiteX 0.7.4 beta - SQL Injection
SQL injection vulnerability in photo.php in SiteX 0.7.4 beta allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
by Sc0rpi0n
JavaScriptCore.dll - DoS
JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the <object> substring.
by 3lkt3F0k4
deV!L`z Clanportal 1.5.2 - Code Injection
PHP remote file inclusion vulnerability in inc/config.php in deV!L`z Clanportal (DZCP) 1.5.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
by cr4wl3r
Joomla! Component com_races - Blind SQL Injection
by DevilZ TM
PHP - Denial of Service
The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument.
by Auke van Slooten
PHP <5.2.11 & 5.3.x <5.3.1 - Command Injection
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.
by Hamid Ebadi
Opera <10.50 - RCE
Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow.
by Marcin Ressel
Joomla! Component com_paxgallery - Blind Injection
by snakespc
Joomla! Component com_Joomlaconnect_be - Blind Injection
by snakespc