PHP Exploits
1,334 exploits tracked across all sources.
WordPress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite
by wp0Day.com
WordPress Plugin Gravity Forms 1.8.19 - Arbitrary File Upload
by Abk Khan
phpATM 1.32 (Windows) - Arbitrary File Upload / Remote Command Execution
by Paolo Massenio
WordPress Plugin Social Stream 1.5.15 - wp_options Overwrite
by wp0Day.com
Tagdiv Newspaper < 6.7.2 - Improper Privilege Management
The Newspaper theme before 6.7.2 for WordPress lacks access control on options via td_ajax_update_panel.
by wp0Day.com
CVSS 9.8
WordPress Theme Creative Multi-Purpose 9.1.3 - Persistent Cross-Site Scripting
by wp0Day.com
WordPress Plugin WP PRO Advertising System 4.6.18 - SQL Injection
by wp0Day.com
Magento <2.0.6 - Code Injection
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
by agix
CVSS 9.8
eXtplorer 2.1.9 - Path Traversal
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file.
by hyp3rlinx
CVSS 7.8
PHP <5.5.34, <5.6.20, <7.0.5 - RCE
Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.
by Andrew Kramer
CVSS 9.8
Apache 2.4.7 + PHP 7.0.2 - 'openssl_seal()' Uninitialized Memory Code Execution
by akat1
WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection
by Kacper Szurek
Microsoft Windows - RCE
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."
by Ehsan Noreddini
CVSS 8.8
Konica Minolta FTP Utility 1.0 - Path Traversal
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.
by shinnai
PHP 5.5.9 - 'zend_executor_globals' 'CGIMode FPM WriteProcMemFile' disable_functions Bypass / Load Dynamic Library
by ylbhz
Ganglia Web <3.5.1 - RCE
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors.
by Andrei Costin