Php Exploits
1,334 exploits tracked across all sources.
Alternative PHP Cache (APC) <3.0.16 - Buffer Overflow
Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) 3.0.11 through 3.0.16 allows remote attackers to execute arbitrary code via a long filename.
by dannyp
PEEL <3.x - Info Disclosure
PEEL, possibly 3.x and earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
by Charles Fol
PEEL <3.x - SQL Injection
Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in factures/facture_html.php.
by Charles Fol
PEEL <3.x - RCE
Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by (1) image/gif and (2) application/pdf.
by Charles Fol
PEEL <3.x - Info Disclosure
PEEL, possibly 3.x and earlier, has (1) a default [email protected] account with password admin, and (2) a default [email protected] account with password cinema, which allows remote attackers to gain administrative access.
by Charles Fol
Danneo CMS <0.5.1 - SQL Injection
SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.
by InATeam
phpMyNewsletter <0.8 beta 5 - SQL Injection
SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msg_id parameter.
by Charles Fol
VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Code Execution
by DarkFig
Zkup - Code Injection
Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the regular expression check.
by Charles Fol
Zkup - Authentication Bypass
zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.
by Charles Fol
Zkup - Authentication Bypass
zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.
by Charles Fol
PunBB <1.2.16 - Info Disclosure
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.
by EpiBite
Woltlab Burning Board - SQL Injection
SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page.
by NBBN
Mihalism Multi Host - SQL Injection
SQL injection vulnerability in users.php in Mihalism Multi Host allows remote attackers to execute arbitrary SQL commands via the username parameter in a lost_password_go action.
by Moubik
WordPress <2.3.2 - Authenticated RCE
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
by Alexander Concha
Yahoo Music Jukebox - Memory Corruption
Stack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method.
by anonymous
Yahoo Music Jukebox - Memory Corruption
Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! JukeBox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddButton method, a different vulnerability than CVE-2008-0623.
by anonymous
Wordpress Wassup Plugin < 1.4.3 - SQL Injection
Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php.
by enter_the_dragon
Wordpress Adserve - SQL Injection
SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by enter_the_dragon
Firebird < 1.0.3 - Numeric Error
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
by Damian Frizza
Php - Access Control
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
by Maksymilian Arciemowicz
Coppermine Photo Gallery <1.4 - SQL Injection
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.
by RST/GHC
By Source