PHP Exploits

1,334 exploits tracked across all sources.

CVE-2004-0327 EXPLOITDB php VERIFIED
Skintech Phpnewsmanager - Path Traversal
Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. (dot dot) sequences in the clang parameter.
by anonymous
CVE-2004-0327 EXPLOITDB php VERIFIED
Skintech Phpnewsmanager - Path Traversal
Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. (dot dot) sequences in the clang parameter.
by Dave Wilson
CVE-2001-1013 EXPLOITDB php VERIFIED
Apache - Info Disclosure
Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
by Gabriel A Maggiotti
CVE-2001-1246 EXPLOITDB php VERIFIED
PHP <4.2 - Command Injection
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
by Wojciech Purczynski
CVE-2001-0746 EXPLOITDB php VERIFIED
Iplanet Web Server - Buffer Overflow
Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods.
by Gabriel Maggiotti
CVE-2001-0596 EXPLOITDB php VERIFIED
Netscape Communicator <4.77 - XSS
Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.
by Florian Wesch
CVE-2000-0884 EXPLOITDB php VERIFIED
IIS 4.0-5.0 - Path Traversal
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
by BoloTron
CVE-2000-0136 EXPLOITDB php VERIFIED
Cart32 - Info Disclosure
The Cart32 shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
by CDI
CVE-2000-0059 EXPLOITDB php VERIFIED
PHP3 - Command Injection
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
by Kristian Koehntopp