Exploitdb Exploits

1,269 exploits tracked across all sources.

CVE-2007-4312 EXPLOITDB php VERIFIED
Php Blue Dragon CMS 3.0.0 - SQL Injection
SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a "print articles" action.
by Kacper
CVE-2006-4962 EXPLOITDB php VERIFIED
Php Blue Dragon <2.9.1 - Path Traversal
Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the phpExt parameter, as demonstrated by executing PHP code in a log file.
by Kacper
CVE-2007-1413 EXPLOITDB php VERIFIED
Php < 5.2.3 - Memory Corruption
Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id).
by Inphex
CVE-2007-4255 EXPLOITDB php VERIFIED
PHP 5.2.3 - RCE
Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.
by Inphex
CVE-2007-4255 EXPLOITDB php VERIFIED
PHP 5.2.3 - RCE
Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.
by NetJackal
CVE-2007-4053 EXPLOITDB php VERIFIED
LinPHA <1.3.1 - SQL Injection
SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php.
by EgiX
EIP-2026-117768 EXPLOITDB php VERIFIED
PHP 5.x - 'Win32service' Local 'Safe_Mode()' Bypass
by NetJackal
CVE-2007-4033 EXPLOITDB php VERIFIED
t1lib 5.1.1 - Buffer Overflow
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.
by r0ut3r
CVE-2007-4033 EXPLOITDB php VERIFIED
t1lib 5.1.1 - Buffer Overflow
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.
by r0ut3r
CVE-2007-4010 EXPLOITDB php VERIFIED
PHP <5.2.3 - Command Injection
The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.
by shinnai
CVE-2007-1413 EXPLOITDB php VERIFIED
Php < 5.2.3 - Memory Corruption
Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id).
by shinnai
CVE-2007-3806 EXPLOITDB php VERIFIED
Php - Improper Input Validation
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
by shinnai
CVE-2007-3814 EXPLOITDB php VERIFIED
Mkportal - SQL Injection
Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors.
by Coloss
CVE-2007-3790 EXPLOITDB php VERIFIED
Php - Denial of Service
The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.
by shinnai
CVE-2007-3630 EXPLOITDB php VERIFIED
AV Tutorial Script <1.0 - RCE
changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.
by Dj7xpl
CVE-2007-3585 EXPLOITDB php VERIFIED
MyCMS <0.9.8 - RCE
PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
by BlackHawk
CVE-2007-3584 EXPLOITDB php VERIFIED
Postnuke Software Foundation Pnphpbb2 < 1.2i - SQL Injection
SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter.
by Coloss
CVE-2007-3586 EXPLOITDB php VERIFIED
Mycms < 0.9.8 - Code Injection
Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files.
by BlackHawk
CVE-2007-3587 EXPLOITDB php VERIFIED
MyCMS <0.9.8 - Privilege Escalation
MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php.
by BlackHawk
CVE-2007-3403 EXPLOITDB php VERIFIED
Dreamlog - Unrestricted File Upload
Unrestricted file upload vulnerability in upload.php in dreamLog (aka dreamblog) 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile[] parameter.
by Dj7xpl
CVE-2007-3432 EXPLOITDB php VERIFIED
Pluxml - Unrestricted File Upload
Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.
by DarkFig
CVE-2007-3430 EXPLOITDB php VERIFIED
Simple Invoices - SQL Injection
SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action.
by Kacper
CVE-2007-3542 EXPLOITDB php VERIFIED
Pluxml - XSS
Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
by DarkFig
CVE-2007-3312 EXPLOITDB php VERIFIED
Efstratios Geroulis Jasmine Cms - Path Traversal
Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.
by Silentz
CVE-2007-3294 EXPLOITDB php VERIFIED
Php - Memory Corruption
Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf.
by rgod