Php Exploits
1,332 exploits tracked across all sources.
Microsoft Windows - Remote Code Execution via SafeArrayDimen Function
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."
by Mohammad Reza Espargham
CVSS 8.8
Microsoft Windows - Remote Code Execution via SafeArrayDimen Function
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."
by Mohammad Reza Espargham
CVSS 8.8
FreiChat 9.6 - SQL Injection via Time Parameter
SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to server/freichat.php.
by Kacper Szurek
Microsoft Windows - Remote Code Execution via SafeArrayDimen Function
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."
by Mohammad Reza Espargham
CVSS 8.8
Apple Mac OSX 10.10.3 (Yosemite) Safari 8.0.x - Crash (PoC)
by Mohammad Reza Espargham
Nmedia Member Conversation < 1.4 - Unauthenticated Arbitrary File Upload via doupload.php
Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads.
by Sammy FORGIT
WordPress Plugin dzs-zoomsounds 2.0 - Arbitrary File Upload
by nabil chris
ZYXEL P-660HN-T1H_IPv6 - Remote Configuration Editor / Web Server Denial of Service
by Koorosh Ghorbani
WordPress Plugin InBoundio Marketing 1.0 - Arbitrary File Upload
by KedAns-Dz
Spider Event Calendar 1.4.9 - SQL Injection via cat_id Parameter
SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.
by Mateusz Lach
PHPads 213607 - Authentication Bypass / Password Change
by Shaker msallm
WordPress Long Password DoS
wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.
by SECURELI.com
Drupal 7.0-7.31 - SQL Injection via Array Key in Database API
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
by Stefan Horst
Drupal 7.0-7.31 - SQL Injection via Array Key in Database API
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
by Stefan Horst
Maarch GEC/GED < 1.4 and LetterBox < 2.8 - Unauthenticated Arbitrary File Upload via file_to_index.php
Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/.
by Adrien Thierry
Drupal 7.0-7.31 - SQL Injection via Array Key in Database API
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
by Dustin Dörr
Google Chrome < 39.0.2171.65 - Denial of Service or Other Impact
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Prakhar Prasad & Subho Halder
Plesk 10.4.4/11.0.9 - SSO XML External Entity / Cross-Site Scripting Injection
by BLacK ZeRo
WordPress Plugin cnhk-Slideshow - Arbitrary File Upload
by Ashiyane Digital Security Team
No-CMS 0.6.6 rev 1 - Admin Account Hijacking / Remote Code Execution via Static Encryption Key
by Mehmet Ince
By Source