Php Exploits
1,333 exploits tracked across all sources.
PhpNewsManager 1.46 - Directory Traversal via clang Parameter
Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. (dot dot) sequences in the clang parameter.
by Dave Wilson
Red Hat Linux - Username Enumeration via Apache UserDir Error Code Discrepancy
Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists but has no public_html directory than when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
by Gabriel A Maggiotti
PHP 4.0.5-4.1.0 - Command Injection via mail() Function 5th Parameter
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
by Wojciech Purczynski
iPlanet Web Server Enterprise Edition <= 4.1 - Buffer Overflow via Long URI in Web Publisher
Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods.
by Gabriel Maggiotti
Netscape Communicator < 4.77 - Remote Code Execution via GIF Image Comment
Netscape Communicator before 4.77 allows remote attackers to execute arbitrary JavaScript via a GIF image whose comment contains the JavaScript.
by Florian Wesch
Internet Information Server 4.0-5.0 - Path Traversal and Remote Code Execution via Unicode-Encoded URL
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
by BoloTron
Cart32 - Unauthenticated Purchase Information Modification via Hidden Form Fields
The Cart32 shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
by CDI
PHP3 - Remote Command Execution via popen Shell Metacharacter Injection
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
by Kristian Koehntopp