Php Exploits
1,334 exploits tracked across all sources.
Looking Glass 20040427 - RCE
Looking Glass 20040427 allows remote attackers to execute arbitrary commands via shell metacharacters in the DNS lookup query field.
by rgod
Zorum 3.5 - RCE
gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacters in the argv parameter.
by rgod
WordPress Core 1.5.1.3 - Remote Code Execution
by Kartoffelguru
Flatnuke - Path Traversal
Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id parameter of the read module.
by rgod
Ubbcentral Ubb.threads - SQL Injection
Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php.
by mh_p0rtal
Claroline 1.5.3-1.6 RC - SQL Injection
Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.
by mh_p0rtal
Mambo - SQL Injection
SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter.
by pokleyzz
Invision Power Board 1.3.1 - 'login.php' SQL Injection
by anonymous
Flatnuke - Code Injection
Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.
by SecWatch
Phpstat - Improper Input Validation
setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable.
by Nikyt0x
Phpstat - Improper Input Validation
setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable.
by mh_p0rtal
Maxwebportal - SQL Injection
SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter.
by mh_p0rtal
Fusionphp Fusion News 3.3/3.6 - X-Forworded-For PHP Script Code Injection
by Network security team
Web-app.org Webapp - Improper Input Validation
apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
by Nikyt0x
MySQL <4.0.23 & <4.1.11 - Privilege Escalation
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.
by Stefano Di Paola
vBulletin <3.0.4 - Code Injection
Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter.
by AL3NDALEEB
PHP 4.x/5.0 Shared Memory Module - Offset Memory Corruption
by Stefano Di Paola
Trend ScanMail - Info Disclosure
Trend ScanMail allows remote attackers to obtain potentially sensitive information or disable the anti-virus capability via the smency.nsf file.
by DokFLeed
PHP 4.0 - Open Redirect
PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.
by FraMe
Axis Network Camera 2.x And Video Server 1-3 - HTTP Authentication Bypass
by bashis
Mantis Bugtracker - Info Disclosure
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.
by Jose Antonio
Gallery <1.4.4_p2 - RCE
The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directory is under the web root.
by aCiDBiTS
By Source