PHP Exploits
1,334 exploits tracked across all sources.
Jaws 0.3 - Auth Bypass
Jaws 0.3 allows remote attackers to bypass authentication via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php.
by Fernando Quintero
osTicket - RCE
osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory.
by Guy Pearce
PHP 4/5 - Input/Output Wrapper Remote File Inclusion Function Command Execution
by Slythers
PHPX <3.2.4 - RCE
PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID.
by Manuel López
Mambo Open Source 4.5/4.6 - 'mod_mainmenu.php' Remote File Inclusion
by Yo_Soy
phpBB <2.0.6 - SQL Injection
SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.
by pokleyzz
Francisco Burzi PHP-Nuke - SQL Injection
SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.
by pokleyzz
PHP 4.3.x - Info Disclosure
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.
by Michal Krause
MidHosting FTP Daemon 1.0.1 - Shared Memory Local Denial of Service
by Frank DENIS
PHP 4.3.x/5.0 - 'openlog()' Buffer Overflow
PHP - Denial of Service
Integer signedness error in the emalloc() function for PHP before 4.3.2 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.
by Sir Mordred
PHP-Nuke 5.6/6.x News Module - 'index.php' SQL Injection
by frog
Mambo 4.0.12 - Auth Bypass
index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie.
by Simen Bergo
phpBB - SQL Injection
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
by David Zentner
Francisco Burzi PHP-Nuke - SQL Injection
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
by David Zentner
Jelsoft vBulletin - Numeric Error
member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks.
by Sp.IC
Jelsoft vBulletin <3.0 - XSS
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php.
by Sp.IC
TightAuction 3.0 - Info Disclosure
TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password.
by frog
WoltLab Burning Board - XSS
Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbboard) 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
by SeazoN
PHP - Path Traversal
move_uploaded_file in PHP does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.
by Tozz
Skintech PhpNewsManager - Path Traversal
Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. (dot dot) sequences in the clang parameter.
by anonymous