Php Exploits
1,332 exploits tracked across all sources.
IceWarp Merak Mail Server 9.4.1 - Stack-Based Buffer Overflow via Base64FileEncode Method
Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly demonstrated by a web application that accepts untrusted input for this method.
by Nine:Situations:Group
LightBlog 9.9.2 - 'register.php' Remote Code Execution
by EgiX
Dokeos Lms 1.8.5 - 'whoisonline.php' PHP Code Injection
by EgiX
Geeklog 1.5.2 - 'usersettings.php' SQL Injection
by Nine:Situations:Group::bookoo
Geeklog 1.5.2 - 'savepreferences()/*blocks[]' SQL Injection
by Nine:Situations:Group
FTPDMIN 0.96 (Windows XP SP3) - 'RNFR' Remote Buffer Overflow
by surfista
PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass
by Maksymilian Arciemowicz
Geeklog 1.5.2 - 'SEC_authenticate()' SQL Injection
by Nine:Situations:Group
glFusion <= 1.1.2 - SQL Injection via glf_session Cookie Parameter
SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter.
by Nine:Situations:Group
glFusion < 1.1.3 - Unauthenticated Privilege Escalation via Password Hash Cookie
glFusion before 1.1.3 performs authentication with a user-provided password hash instead of a password, which allows remote attackers to gain privileges by obtaining the hash and using it in the glf_password cookie, aka "User Masquerading." NOTE: this can be leveraged with a separate SQL injection vulnerability to steal hashes.
by Nine:Situations:Group
Podcast Generator <= 1.1 - Unauthenticated Arbitrary File Deletion via Admin Delete Endpoint
core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter.
by BlackHawk
podcast_generator <= 1.1 - Authenticated PHP Code Injection via Recent Parameter
Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action.
by BlackHawk
W3C Amaya Web Browser 11.1 - Remote Code Execution via Long Defer Attribute in Script Tag
Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute.
by Alfons Luja
glFusion <= 1.1.2 - SQL Injection via Order and Direction Parameters
Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php.
by Nine:Situations:Group
Pluck 4.6.1 - Path Traversal via Post Parameter
Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter.
by Alfons Luja
PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution
by YOUCODE
BS.Player <=2.34 Build 980 - Stack-based Buffer Overflow via Long Hostname in .bsl Playlist File
Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file.
by Nine:Situations:Group
CDex 1.70b2 - Remote Code Execution via Crafted Ogg Vorbis Info Header
Buffer overflow in CDex 1.70b2 allows remote attackers to execute arbitrary code via a crafted Info header in an Ogg Vorbis (.ogg) file.
by Nine:Situations:Group
Joomla! Component com_iJoomla_archive - Blind SQL Injection
by Stack
Joomla! Component com_digistore - 'pid' Blind SQL Injection
by InjEctOr5
FCKeditor 2.2 - Remote Code Execution via ZIP File Upload
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information.
by Sp3shial
Rhadrix If-CMS <2.07 - SQL Injection
SQL injection vulnerability in frame.php in Rhadrix If-CMS 2.07 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by darkjoker
WEBalbum 2.4b - SQL Injection via photo.php id Parameter
SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Mehmet Ince
By Source