Php Exploits
1,332 exploits tracked across all sources.
Camiro-CMS_beta-0.1 - 'FCKeditor' Arbitrary File Upload
by eidelweiss
PHP 6.0 Dev - 'str_transliterate()' Local Buffer Overflow (NX + ASLR Bypass)
by ryujin
Jzip <2.0.0.132900 - Buffer Overflow
Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name in a zip archive.
by mr_me
PHP 6.0 Dev - 'str_transliterate()' Local Buffer Overflow
by Yakir Wizman
Free MP3 CD Ripper <= 2.6 - Stack-based Buffer Overflow via Crafted WAV File
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.
by mr_me
SiteX 0.7.4 beta - SQL Injection via albumid Parameter
SQL injection vulnerability in photo.php in SiteX 0.7.4 beta allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
by Sc0rpi0n
Apple Safari - Denial of Service via Repeated <object> Substring
JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the <object> substring.
by 3lkt3F0k4
deV!L`z Clanportal 1.5.2 - Code Injection
PHP remote file inclusion vulnerability in inc/config.php in deV!L`z Clanportal (DZCP) 1.5.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
by cr4wl3r
Joomla! Component com_races - Blind SQL Injection
by DevilZ TM
PHP 5.3.1 - Denial of Service via xmlrpc_decode_request NULL Pointer Dereference
The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument.
by Auke van Slooten
PHP <5.2.11 & 5.3.x <5.3.1 - Command Injection
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.
by Hamid Ebadi
Opera 10.10-10.50 - Remote Code Execution via Large Content-Length Header
Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow.
by Marcin Ressel
Joomla! Component com_paxgallery - Blind Injection
by snakespc
Joomla! Component com_Joomlaconnect_be - Blind Injection
by snakespc
PHP <5.2.13, 5.3.1 - Info Disclosure
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).
by Grzegorz Stachowiak
By Source