Php Exploits
1,332 exploits tracked across all sources.
Alternative PHP Cache (APC) <3.0.16 - Buffer Overflow
Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) 3.0.11 through 3.0.16 allows remote attackers to execute arbitrary code via a long filename.
by dannyp
peel < 3.0 - Exposure of Sensitive Information via phpinfo.php
PEEL, possibly 3.x and earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
by Charles Fol
PEEL - SQL Injection via Email Parameter or Timestamp Parameter
Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in factures/facture_html.php.
by Charles Fol
PEEL - Authenticated Arbitrary File Upload via Modified Content Type in administrer/produits.php
Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by (1) image/gif and (2) application/pdf.
by Charles Fol
PEEL < 3.0 - Default Credentials for Admin Access
PEEL, possibly 3.x and earlier, has (1) a default [email protected] account with password admin, and (2) a default [email protected] account with password cinema, which allows remote attackers to gain administrative access.
by Charles Fol
Danneo CMS < 0.5.1 - SQL Injection via HTTP Referer Header
SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.
by InATeam
phpMyNewsletter <0.8 beta 5 - SQL Injection
SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msg_id parameter.
by Charles Fol
VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Code Execution
by DarkFig
zkup CMS 2.0-2.3 - Remote Code Execution via Null Byte Injection in Login Parameter
Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the regular expression check.
by Charles Fol
zKup CMS 2.0-2.3 - Unauthenticated Privilege Escalation via Direct Admin Configuration Access
zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.
by Charles Fol
zKup CMS 2.0-2.3 - Unauthenticated Privilege Escalation via Direct Admin Configuration Access
zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.
by Charles Fol
PunBB <= 1.2.16 - Authenticated Password Reset Brute Force via Predictable Random Seed
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.
by EpiBite
WoltLab Burning Board 3.0.3 PL 1 - SQL Injection via PMList sortOrder Parameter
SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page.
by NBBN
Mihalism Multi Host - SQL Injection via Username Parameter
SQL injection vulnerability in users.php in Mihalism Multi Host allows remote attackers to execute arbitrary SQL commands via the username parameter in a lost_password_go action.
by Moubik
WordPress <2.3.2 - Authenticated RCE
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
by Alexander Concha
Yahoo! Music Jukebox 2.2.2.056 - Stack-Based Buffer Overflow via AddImage Method
Stack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method.
by anonymous
Yahoo! Music Jukebox 2.2.2.56 - Buffer Overflow via Datagrid ActiveX AddButton Method
Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! JukeBox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddButton method, a different vulnerability than CVE-2008-0623.
by anonymous
WassUp Plugin 1.4-1.4.3 - SQL Injection via from_date or to_date Parameter
Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php.
by enter_the_dragon
AdServe 0.2 - SQL Injection via id Parameter
SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by enter_the_dragon
Firebird < 1.0.3, 1.5.x < 1.5.6, 2.0.x < 2.0.4, 2.1.x < 2.1.0 RC1 - Remote Code Execution via Crafted XDR Requests
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
by Damian Frizza
PHP 5.2.4 and 5.2.5 - Arbitrary File Read via cURL file:// Null Byte Bypass
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
by Maksymilian Arciemowicz
Coppermine Photo Gallery <1.4 - SQL Injection
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.
by RST/GHC
PHP-Nuke < 8.0_final - SQL Injection via Search Module sid Parameter
SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information.
by RST/GHC
By Source