php version 4.4.1 .htaccess apache DOS exploit.
89b45db948a6dc9783df06193d900b40d886c9e201fd99c49f8648806d4d12c6
Mandriva Linux Security Advisory 2012-136 - Multiple cross-site scripting vulnerabilities was discovered by using the Database structure page with a crafted table name. This upgrade provides the latest phpmyadmin version to address this vulnerability.
4f113b7473341f4b5b1404d9fbf72c22dd8466370f6b383c45f0eb638cb6c89e
Hashes is a cross-platform tool that generates and injects different keys with the same hash code in order to test web applications against hash collision attacks. Written in Java. Has support for Java, PHP, ASP, and V8.
6bedf1fbba1ca220222bc6be3b897176d50aac02f53df2ed5328792dd158289c
Sphpforum version 0.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
7502224f9e635dc27202e748cdf5015178a6e1641cbf8304333b802649a8903c
Debian Linux Security Advisory 2527-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.
19d56ac85b34319b9d93e656f85139e1d5a6ad3686507f40c07541d97d990968
Secunia Security Advisory - SUSE has issued an update for php5. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
45138b55a475ee758032d2c386f3048f0566ed3101649affd9b850cebe01c583
CakePHP and Squiz CMS suffer from XXE injection vulnerabilities.
961339f6ca18d70df5c08cf52ba52dcf3e959a21197fa995450430621e4c7f3f
phpList version 2.10.18 suffers from cross site scripting and remote SQL injection vulnerabilities.
7c2f52b5334b8d1ae75b3fffb38e7c18fedbae4934a65a5cc1c9ab975dea72d9
This Metasploit module allows remote command execution on the PHP IRC bot pbot by abusing the usage of eval() in the implementation of the .php command. In order to work, the data to connect to the IRC server and channel where find pbot must be provided. The module has been successfully tested on the version of pbot analyzed by Jay Turla, and published on Infosec Institute, running over Ubuntu 10.04 and Windows XP SP3.
af5927c4e9d6a607a05e48844259bb81f722ee9404fcdab77834d99f0a04d614
Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in phplist, which can be exploited by malicious people to conduct cross-site scripting attacks.
308ca8d0c240b0576241dedf473bed0bc4bd7979442dc1bb95d73630e8840b74
Debian Linux Security Advisory 2522-1 - Emilio Pinna discovered a cross site scripting vulnerability in the spellchecker.php page of FCKeditor, a popular html/text editor for the web.
da1a2bf303b76bf5b59ef18ad2eeec728100c65453b3bc10e1110a4736295ee6
Openconstructor CMS version 3.12.0 suffers from a stored cross site scripting vulnerability in data/hybrid/i_hybrid.php.
1d3af1a1271150ebcda8aa883d72304c2cacba4c37e14d10e91b2e04946376d2
Turtle CMS version 1 remote SQL injection exploit written in PHP.
49b6a64ed42b657c60b8d7f861c16bf1852e7cf83dd2ad6db777e7ca04f156a9
Am4ss versions 1.2 and below suffer from a remote PHP code injection vulnerability.
14691d46558a43db63b5ae8d7df76e0c095c233b3ef1a03c99e9e84d0f602415
This Metasploit module exploits a vulnerability found in Dell SonicWall Scrutinizer. While handling the 'q' parameter, the PHP application does not properly filter the user-supplied data, which can be manipulated to inject SQL commands, and then gain remote code execution. Please note that authentication is NOT needed to exploit this vulnerability.
2fd37f85b3b97b8f8c3c3028dc3ce694832b09af2ec361d954d869e453380a88
Tekno.Portal version 0.1b suffers from a remote blind SQL injection vulnerability in link.php. This version was already known to have issues with SQL injection since 2010.
c71eed1836a67943fa03e0218fb566e5956562284ee6c837a7ec26e30d887446
This Metasploit module exploits a vulnerability found in WebPageTest's Upload Feature. By default, the resultimage.php file does not verify the user-supplied item before saving it to disk, and then places this item in the web directory accessable by remote users. This flaw can be abused to gain remote code execution.
12ff7aba4342dfbb7f5a516aa01579569cbaf4c1cb86bb84f42047ca2ada8e0b
Symantec Web Gateway version 5.0.3.18 suffers from a remote blind SQL injection vulnerability in deptUploads_data.php.
3979d02fd58b3d8d425160bc812c8985dd4e717d3e8b65cbe4b4ce9d8c41fd1b
phpBB3 version 3.0.10 appears to suffer from remote SQL injection vulnerabilities.
9376898c3f8c9323188f7425ea004eae96bc735daba1b4f20ceac24ede2d816c
Mandriva Linux Security Advisory 2012-118 - A vulnerability has been discovered and corrected in ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. The updated packages have been patched to correct this issue.
5d1ed50858951c79497ef1650fc6a7b1c640f77f054e6d9d388ab3d95f9188eb
This is a php script that takes a list of sites and password possibilities and runs as a cracker against Joomla administrative panels.
974b9077b4f38d6b7f57f47c692af49a1e15451c3a0e96836e451c9e45bcb875
PHP UnZIP version 0.1 suffers from a remote disclosure vulnerability. Note that this finding houses site-specific data.
23a6b6805759f0b8d0a1867fb3e155e4357ccfc59fdb6f110096ef1b359dadac
phpProfiles version 4.5.4 Beta suffers from cross site scripting, remote file inclusion, and remote SQL injection vulnerabilities.
92e4557c8dfd2512631cffd63a7f3429b58378e9c7e4e1db2aed8b3c92c252ab
Mandriva Linux Security Advisory 2012-108 - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow. The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. The updated packages have been upgraded to the 5.3.15 version which is not vulnerable to these issues. Additionally the php-timezonedb packages has been upgraded to the latest version as well.
8c8bb030e17e5411417b68b186f12f4c547e4fe82b46c174807e0d6a29db2919
This Metasploit module exploits a vulnerability found in EGallery 1.2 By abusing the uploadify.php file, a malicious user can upload a file to the egallery/ directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on Ubuntu 10.04.
526da632857518ba04c937502d05234c1849101abc35c576432b65f2a4fbe5d5
This php script is a small tool for performing proxy checks.
335c6bc3f7508bd7388fd3b9f2a8c061fae18e1b4e0260668b4a1b074b9587a3