exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

PHP 7.0.8 / 5.6.23 / 5.5.37 bzread() OOB Write
Posted Jul 21, 2016
Authored by Hans Jerry Illikainen

PHP versions 7.0.8, 5.6.23, and 5.5.37 suffers from an out-of-bounds write vulnerability in bzread().

tags | exploit, php
advisories | CVE-2016-5399
MD5 | 6b6fb4f1de53517be6387665e5599f1a

Related Files

Mandriva Linux Security Advisory 2012-136
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-136 - Multiple cross-site scripting vulnerabilities was discovered by using the Database structure page with a crafted table name. This upgrade provides the latest phpmyadmin version to address this vulnerability.

tags | advisory, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2012-4345
MD5 | 4839c06b99241b09e6a7c6deb114fc98
Hashes Generation And Injection Tool
Posted Aug 17, 2012
Authored by Pedro Ribeiro | Site github.com

Hashes is a cross-platform tool that generates and injects different keys with the same hash code in order to test web applications against hash collision attacks. Written in Java. Has support for Java, PHP, ASP, and V8.

tags | tool, java, web, php, asp
systems | unix
MD5 | e28efbf484734217c6b6714f69b893de
Sphpforum 0.4 Cross Site Scripting / SQL Injection
Posted Aug 16, 2012
Authored by loneferret

Sphpforum version 0.4 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | f44307245cd2785505fb7beee300ec6c
Debian Security Advisory 2527-1
Posted Aug 14, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2527-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.

tags | advisory, web, php, vulnerability
systems | linux, debian
advisories | CVE-2012-2688, CVE-2012-3450
MD5 | a80818cca6a2d9c6f86f619a3eebb81e
Secunia Security Advisory 50194
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for php5. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | linux, suse
MD5 | 3237027927287609e908228d1badf2e7
CakePHP / Squiz CMS XXE Injection
Posted Aug 12, 2012
Authored by MustLive

CakePHP and Squiz CMS suffer from XXE injection vulnerabilities.

tags | exploit, vulnerability, xxe
MD5 | e9d645f7feaeb645de0c7ea09235c318
phpList 2.10.18 Cross Site Scripting / SQL Injection
Posted Aug 9, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

phpList version 2.10.18 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2012-3952, CVE-2012-3953
MD5 | 75fde174bbfd22b16518b2c9a0ad0f3b
PHP IRC Bot pbot eval() Remote Code Execution
Posted Aug 8, 2012
Authored by Evilcry, juan vazquez, bwall, Jay Turla | Site metasploit.com

This Metasploit module allows remote command execution on the PHP IRC bot pbot by abusing the usage of eval() in the implementation of the .php command. In order to work, the data to connect to the IRC server and channel where find pbot must be provided. The module has been successfully tested on the version of pbot analyzed by Jay Turla, and published on Infosec Institute, running over Ubuntu 10.04 and Windows XP SP3.

tags | exploit, remote, php
systems | linux, windows, xp, ubuntu
MD5 | b4302c2d8b8f5eacb2c614d506570e68
Secunia Security Advisory 50150
Posted Aug 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in phplist, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 484f9b3b4d0be2422e8bd4d63d432fdc
Debian Security Advisory 2522-1
Posted Aug 6, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2522-1 - Emilio Pinna discovered a cross site scripting vulnerability in the spellchecker.php page of FCKeditor, a popular html/text editor for the web.

tags | advisory, web, php, xss
systems | linux, debian
advisories | CVE-2012-4000
MD5 | 100eefb85fdd8d16cdec885637c78dba
Openconstructor CMS 3.12.0 i_hybrid.php XSS
Posted Aug 4, 2012
Authored by Lorenzo Cantoni

Openconstructor CMS version 3.12.0 suffers from a stored cross site scripting vulnerability in data/hybrid/i_hybrid.php.

tags | exploit, php, xss
advisories | CVE-2012-3871
MD5 | c1645f55ece01be153ce7a604f3f7909
Turtle CMS 1 SQL Injection
Posted Aug 4, 2012
Authored by The UnKn0wN

Turtle CMS version 1 remote SQL injection exploit written in PHP.

tags | exploit, remote, php, sql injection
MD5 | a6aeb08a83c842195f0d23acfdece596
Am4ss 1.2 PHP Code Injection
Posted Aug 3, 2012
Authored by i-Hmx

Am4ss versions 1.2 and below suffer from a remote PHP code injection vulnerability.

tags | exploit, remote, php
MD5 | 16aae2d502e5b6e134b9e50c7c6f6e88
Dell SonicWALL Scrutinizer 9 SQL Injection
Posted Aug 3, 2012
Authored by muts, sinn3r, Devon Kearns | Site metasploit.com

This Metasploit module exploits a vulnerability found in Dell SonicWall Scrutinizer. While handling the 'q' parameter, the PHP application does not properly filter the user-supplied data, which can be manipulated to inject SQL commands, and then gain remote code execution. Please note that authentication is NOT needed to exploit this vulnerability.

tags | exploit, remote, php, code execution
advisories | CVE-2012-2962, OSVDB-84232
MD5 | 759e78201b01aab52f1b6d318bceac01
Tekno.Portal 0.1b Blind SQL Injection
Posted Aug 1, 2012
Authored by Socket_0x03

Tekno.Portal version 0.1b suffers from a remote blind SQL injection vulnerability in link.php. This version was already known to have issues with SQL injection since 2010.

tags | exploit, remote, php, sql injection
MD5 | 577e392415ccfe6fa1824f15e00d21c4
WebPageTest Arbitrary PHP File Upload
Posted Aug 1, 2012
Authored by dun, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in WebPageTest's Upload Feature. By default, the resultimage.php file does not verify the user-supplied item before saving it to disk, and then places this item in the web directory accessable by remote users. This flaw can be abused to gain remote code execution.

tags | exploit, remote, web, php, code execution
advisories | OSVDB-83822
MD5 | c1b226b0a2afb2c37bcc29968221e367
Symantec Web Gateway 5.0.3.18 Blind SQL Injection
Posted Jul 31, 2012
Authored by @_Kc57

Symantec Web Gateway version 5.0.3.18 suffers from a remote blind SQL injection vulnerability in deptUploads_data.php.

tags | exploit, remote, web, php, sql injection
MD5 | 1bc2a5f03b833e0929539f4990414fe8
phpBB3 SQL Injection
Posted Jul 28, 2012
Authored by HauntIT

phpBB3 version 3.0.10 appears to suffer from remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | a052ec3ba32f8150d6c7de40139e0252
Mandriva Linux Security Advisory 2012-118
Posted Jul 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-118 - A vulnerability has been discovered and corrected in ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. The updated packages have been patched to correct this issue.

tags | advisory, remote, php, xss
systems | linux, mandriva
advisories | CVE-2009-5031, CVE-2012-2751
MD5 | 5b720839b8e1ef694c05d335494f4e3f
Joomla Admin Panel Bruteforcer
Posted Jul 28, 2012
Authored by miyachung

This is a php script that takes a list of sites and password possibilities and runs as a cracker against Joomla administrative panels.

tags | cracker, php
MD5 | 2f7e9330e3523ca691d3cf21901a61ce
PHP UnZIP 0.1 File Disclosure
Posted Jul 26, 2012
Authored by Taurus Omar

PHP UnZIP version 0.1 suffers from a remote disclosure vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, php, info disclosure
MD5 | d553dc83434e11a14d60b1f1200ed271
phpProfiles 4.5.4 Beta XSS / RFI / SQL Injection
Posted Jul 24, 2012
Authored by L0n3ly-H34rT

phpProfiles version 4.5.4 Beta suffers from cross site scripting, remote file inclusion, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection, file inclusion
MD5 | 4df4276eba69a2d45be9fa217711902a
Mandriva Linux Security Advisory 2012-108
Posted Jul 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-108 - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow. The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. The updated packages have been upgraded to the 5.3.15 version which is not vulnerable to these issues. Additionally the php-timezonedb packages has been upgraded to the latest version as well.

tags | advisory, remote, overflow, php
systems | linux, mandriva
advisories | CVE-2012-2688, CVE-2012-3365
MD5 | cb6339f2ab0f23b465ebf42626304b47
EGallery PHP File Upload Vulnerability
Posted Jul 23, 2012
Authored by Sammy FORGIT, juan | Site metasploit.com

This Metasploit module exploits a vulnerability found in EGallery 1.2 By abusing the uploadify.php file, a malicious user can upload a file to the egallery/ directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on Ubuntu 10.04.

tags | exploit, arbitrary, php, code execution
systems | linux, ubuntu
advisories | OSVDB-83891
MD5 | 95885aafd89fb4191f4ba1c513063adf
Multithreaded Proxy Checker
Posted Jul 22, 2012
Authored by miyachung

This php script is a small tool for performing proxy checks.

tags | web, php
MD5 | ca82773617232afc2ede442dd140097a
Page 1 of 4
Back1234Next

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    11 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    2 Files
  • 19
    Aug 19th
    18 Files
  • 20
    Aug 20th
    19 Files
  • 21
    Aug 21st
    17 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close