Exploitdb Exploits

1,269 exploits tracked across all sources.

EIP-2026-117767 EXPLOITDB php VERIFIED
PHP 5.3.4 Win Com Module - Com_sink
by fb1h2s
EIP-2026-105518 EXPLOITDB php VERIFIED
Blog Mod 0.1.9 - 'index.php?month' SQL Injection
by WhiteCollarGroup
EIP-2026-113552 EXPLOITDB php VERIFIED
WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities
by Tapco Security
EIP-2026-113335 EXPLOITDB php
webpa 1.1.0.1 - Multiple Vulnerabilities
by dun
EIP-2026-108965 EXPLOITDB php VERIFIED
Kamads Classifieds 2.0 - Admin Hash Disclosure
by Mr.tro0oqy
EIP-2026-113393 EXPLOITDB php
WespaJuris 3.0 - Multiple Vulnerabilities
by WhiteCollarGroup
EIP-2026-105221 EXPLOITDB php VERIFIED
AraDown - Blind SQL Injection
by G-B
EIP-2026-105220 EXPLOITDB php VERIFIED
AraDown - 'id' SQL Injection
by G-B
EIP-2026-110505 EXPLOITDB php VERIFIED
PBBoard - Authentication Bypass
by i-Hmx
EIP-2026-105151 EXPLOITDB php VERIFIED
am4ss Support System 1.2 - PHP Code Injection
by i-Hmx
CVE-2012-3450 EXPLOITDB php VERIFIED
PHP < 5.3.13 - Denial of Service
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.
by 0x721427D8
EIP-2026-113977 EXPLOITDB php VERIFIED
WordPress Plugin Post Recommendations - 'abspath' Remote File Inclusion
by Sammy FORGIT
EIP-2026-112032 EXPLOITDB php
Shopware 3.5 - SQL Injection
by Kataklysmos
CVE-2012-3996 EXPLOITDB php VERIFIED
TikiWiki CMS/Groupware < 8.2 - Information Disclosure
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
by EgiX
CVE-2012-0911 EXPLOITDB CRITICAL php VERIFIED
TikiWiki CMS/Groupware < 6.7 LTS & < 8.4 - RCE
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.
by EgiX
CVSS 9.8
EIP-2026-107400 EXPLOITDB php VERIFIED
Getsimple CMS Items Manager Plugin - 'PHP.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-108035 EXPLOITDB php VERIFIED
JAKCMS PRO 2.2.6 - 'uploader.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-110815 EXPLOITDB php VERIFIED
PHP-Fusion Advanced MP3 Player Infusion - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-106594 EXPLOITDB php VERIFIED
Drupal Module Drag & Drop Gallery 6.x-1.5 - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
CVE-2012-0694 EXPLOITDB CRITICAL php
SugarCRM CE <= 6.3.1 - Code Injection
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user-controlled input, which allows remote attackers to execute arbitrary PHP code.
by EgiX
CVSS 9.8
EIP-2026-106672 EXPLOITDB php VERIFIED
e107 Hupsi_fancybox Plugin - 'Uploadify.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-113860 EXPLOITDB php VERIFIED
WordPress Plugin LB Mixed Slideshow - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-109639 EXPLOITDB php VERIFIED
Multiple WordPress Themes - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-108672 EXPLOITDB php VERIFIED
Joomla! Component hwdVideoShare - 'flash_upload.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-108778 EXPLOITDB php VERIFIED
Joomla! Component Maian Media - 'uploadhandler.php' Arbitrary File Upload
by Sammy FORGIT