This Metasploit module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependant (such as Chinese or Japanese), such that the Unicode best-fit conversion scheme will unexpectedly convert a soft hyphen (0xAD) into a dash (0x2D) character. Additionally a target web server must be configured to run PHP under CGI mode, or directly expose the PHP binary. This issue has been fixed in PHP 8.3.8 (for the 8.3.x branch), 8.2.20 (for the 8.2.x branch), and 8.1.29 (for the 8.1.x branch). PHP 8.0.x and below are end of life and have note received patches. XAMPP is vulnerable in a default configuration, and we can target the /php-cgi/php-cgi.exe endpoint. To target an explicit .php endpoint (e.g. /index.php), the server must be configured to run PHP scripts in CGI mode.
c2545000b9fdd9d40a19e238932d2917bdfb1a41c680df6e0ffb2128341c38efjSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
48ad8d092a1d79aa5c2620e2605e83e3d688cc6a534bf9ed77f27a4ef0c5af79Apache OFBiz versions prior to 18.12.13 are vulnerable to a path traversal vulnerability. The vulnerable endpoint /webtools/control/forgotPassword allows an attacker to access the ProgramExport endpoint which in turn allows for remote code execution in the context of the user running the application.
95a799d52023de4e870b8e6e3293276e9dc9c6116e4ec377371d107ab468f276PowerVR suffers from an out-of-bounds write of firmware addresses in PVRSRVRGXKickTA3DKM().
bf643f590254db32f40863c345eaa6faa2bb814e2aa4cfd56828c8a49a38c33aPowerVR suffers from an uninitialized memory disclosure and crash due to out-of-bounds reads in hwperf_host_%d stream.
21afd37aba8ffcfc6bd66ce8187be897144f972c8efddd7b417e5044e23024a8Microweber version 2.0.15 suffers from a persistent cross site scripting vulnerability.
bc5f31437cdc3b2035b17ca3b2950b4cf584eac427c398fd1c4e2f3f28b25118Ubuntu Security Notice 6835-1 - It was discovered that Ghostscript did not properly restrict eexec seeds to those specified by the Type 1 Font Format standard when SAFER mode is used. An attacker could use this issue to bypass SAFER restrictions and cause unspecified impact. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. Thomas Rinsma discovered that Ghostscript did not prevent changes to uniprint device argument strings after SAFER is activated, resulting in a format-string vulnerability. An attacker could possibly use this to execute arbitrary code.
acc0b08a84cf2003c72bba80c8e2de0ecc271d27da321022690b5bb56fa5b4caRed Hat Security Advisory 2024-3972-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include bypass and use-after-free vulnerabilities.
abc8e778b739c19a1178e5f05676aecb1a5b4ad6f0abc53d266032d41a4363adRed Hat Security Advisory 2024-3970-03 - An update for flatpak is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
23d10c9838b1396db6283efd14691dbd1a04e264085c3ead66231fba4a4d2adfRed Hat Security Advisory 2024-3969-03 - An update for flatpak is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
971d5a4c3548e61710901adaba7e539cf264bf0b2249deb6e3a19c6638558eeaRed Hat Security Advisory 2024-3968-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a resource exhaustion vulnerability.
34ae2509effdebd47829c6820376e1c0772bf5da34bb70219152c5549b556217Red Hat Security Advisory 2024-3963-03 - An update for flatpak is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
86892dea649ff290d4df23e11ce8a927801bf117f650b5eb823de0af1c57e2b4Red Hat Security Advisory 2024-3962-03 - An update for flatpak is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
1e57f6bb3e4a5c5ac8be8e1af8203d43e8ad984d2720488ae1526399083ad8b3Red Hat Security Advisory 2024-3961-03 - An update for flatpak is now available for Red Hat Enterprise Linux 8.
89ca92c08699f70ff0ae992feca16d0d83f1233f59e7d26318313dc4d06d79a6Red Hat Security Advisory 2024-3960-03 - An update for flatpak is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
928d03d2fe4a1b1ebbee18bf25d4448c032074315a5355ecd192ccde0099bc0cRed Hat Security Advisory 2024-3959-03 - An update for flatpak is now available for Red Hat Enterprise Linux 9.
3a7e495acde2c195388aaabb0055aa3f4e15135c8a4102a3e3ca7bbd42776c95Red Hat Security Advisory 2024-3958-03 - An update for Firefox is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include bypass and use-after-free vulnerabilities.
7dcdeb482034453c4dd4daafdfba27be225f24d05bbe7d4341b9adc161e5729cRed Hat Security Advisory 2024-3955-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass and use-after-free vulnerabilities.
ddbe77a186d5163be412184acccb90d75df8c67a4712f034f1c0a272e532c514Red Hat Security Advisory 2024-3954-03 - An update for firefox is now available for Red Hat Enterprise Linux 8. Issues addressed include bypass and use-after-free vulnerabilities.
a7b16463952535b31ce60c9e5b84d7fffe68b565cd2ecdf6b1e2220c1bd105a3Red Hat Security Advisory 2024-3953-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include bypass and use-after-free vulnerabilities.
32923df36379f2a21a517db2abceac65cd7857bbc5cd87aede5ab26ffe8d8ad9Red Hat Security Advisory 2024-3952-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass and use-after-free vulnerabilities.
3b27ff0a7346af84c25e212cd3091422fe433ddef2eae6e0dd428bafc76401faRed Hat Security Advisory 2024-3951-03 - An update for firefox is now available for Red Hat Enterprise Linux 7. Issues addressed include bypass and use-after-free vulnerabilities.
642981baf14900ee8f32bb231f9443ed35410122510f1b6c959a7f346f14df09Red Hat Security Advisory 2024-3950-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.
1935e4de598b6bda9a3308c323910442291e45c4b6bf91054938d3a6829efb5aRed Hat Security Advisory 2024-3949-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.
67674ccb399b61ebfb46b89b19332e267d6a864e311bd351cc7b8866e51f194cRed Hat Security Advisory 2024-3943-03 - Red Hat OpenShift distributed tracing 3.2.1. Issues addressed include a denial of service vulnerability.
3e4b9ed8cb8b94421b7d9c41196b2177086000daecb39f56db8a17f5bc02028d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed