Php Exploits
1,332 exploits tracked across all sources.
osCommerce <= 2.2 RC2a - Unauthenticated Arbitrary File Upload via Admin File Manager
osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility (admin/file_manager.php). The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to upload a .php file containing arbitrary code, which is then executed by the server.
by flyh4t
Google Chrome 6.0.472 - 'Math.Random()' Random Number Generation
by Amit Klein
Kunena Forum <1.5.4 - SQL Injection
SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php.
by ilker Kandemir
PHP < 5.2.10 - Memory Disclosure and Denial of Service via ini_set and ini_restore
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
by Maksymilian Arciemowicz
PHP < 5.2.10 - Memory Disclosure and Denial of Service via ini_set and ini_restore
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
by Maksymilian Arciemowicz
PHP 5.3 - 'mail.log' Configuration Option 'open_basedir' Restriction Bypass
by Maksymilian Arciemowicz
Joomla! Component com_pms 2.0.4 - 'Ignore-List' SQL Injection
by M4dhead
Arab Portal 2.x - Authenticated SQL Injection via forum.php qc Parameter
SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666.
by rEcruit
Allomani Audio & Video Library (Songs & Clips) <2.7.0 - SQL Injection
SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
by Qabandi
Allomani Movies Library <2.7.0 - SQL Injection
SQL injection vulnerability in login.php in Allomani Movies Library (Movies & Clips) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
by Qabandi
Allomani Mobile 2.5 - SQL Injection via Login Username Parameter
SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
by Qabandi
Pixaria Gallery 2.0.0-2.3.5 - Path Traversal via Base64-Encoded File Parameter
Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter.
by Qabandi
e107 Plugin my_gallery 2.4.1 - 'readfile()' Local File Disclosure
by NoGe
VivaPrograms Infinity < 2.0.5 - Unauthenticated Administrative Account Creation via Profile Action
cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and conf_password parameters.
by Qabandi
MorcegoCMS < 1.7.6 - SQL Injection via Fichero.php Query String
SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers to execute arbitrary SQL commands via the query string.
by darkjoker
Mlffat 2.2 - SQL Injection via Member Cookie in Edit Profile Action
SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731.
by Qabandi
YourTube 2.0 - Arbitrary Database Disclosure
by Security Code Team
Zen Cart <= 1.3.8a - Unauthenticated Arbitrary File Upload via record_company_image Parameter
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/.
by BlackH
phpMyAdmin 2.11.0-2.11.9.4 and 3.x < 3.1.3.1 - Remote Code Injection via Setup Configuration Save
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
by Hacking Expose!
CVSS 9.8
MyBB <1.4.7 - SQL Injection
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.
by The:Paradox
By Source