OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.
f671f8d4d1775a87dfdb4e245c86573aDebian Linux Security Advisory 4262-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to open redirects, cross-site request forgery, information disclosure, session fixation or denial of service.
9d90561cb123024abe81fc4647a6aff3PHP Template Store Script version 3.0.6 suffers from persistent cross site scripting vulnerabilities.
955dd57ab80d69477021cb73445e4ecfHRSale HR Management PHP script version 1.0.6 suffers from a local file disclosure vulnerability.
7359826a28a3b8ffd79965cd3b39d5bfThis Metasploit module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application without input validation and/or parameter binding, which leads to SQL injection vulnerability. Successfully exploiting this vulnerability gives a ability to add new user onto system. manage_domains_dkim_keygen_request.php endpoint is responsible for executing an operation system command. It's not possible to access this endpoint without having a valid session. Combining these vulnerabilities gives the opportunity execute operation system commands under the context of the web user.
e1ed8b7a67ea6ddd018934d8c751a6d1Vtiger version 6.3.0 CRM's administration interface allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against vTiger CRM version 6.3.0.
72429cacd6f8d8507d950f72f13a44cdSuper CMS Blog Pro PHP Script version 1.0 suffers from a cross site scripting vulnerability.
65c8fcb0181b7cc5639b9ffd8ad8014cSuper CMS Blog Pro PHP Script version 1.0 suffers from shell upload and remote SQL injection vulnerabilities.
4d4af76da07a9471a1cd3679240ce824NUUO NVRmini suffers from a remote command execution vulnerability in upgrade_handle.php.
929ca4e4e4ddf2ac4f48d2373e20ba9bSlackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
16dbf231d102e07198b15fae7baa2d9dCMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory.
1cbcf8ed9ea5ef18b9981873d99697ebphpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1.
8806abb9a5685ea849d530a130566416Monstra CMS 3.0.4 allows users to upload arbitrary files which leads to remote command execution on the remote server. An attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against Monstra CMS 3.0.4.
7dbdf348dbb60d19f6dfcb69ab4f25d5This Metasploit module exploits an argument injection vulnerability in GitList version 0.6.0. The vulnerability arises from GitList improperly validating input using the php function 'escapeshellarg'.
a1733d5d120783b5373e9c89db24e4a6Debian Linux Security Advisory 4240-1 - Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.
eaff28711d8000b812023696350c581cUbuntu Security Notice 3702-2 - USN-3702-1 fixed a vulnerability in PHP. PHP 7.2.7 did not actually include the fix for CVE-2018-12882. This update adds a backported patch to correct the issue. It was discovered that PHP incorrectly handled exif tags in certain images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
8fe6d115b16c29298453c43df9af9f61Ubuntu Security Notice 3702-1 - It was discovered that PHP incorrectly handled exif tags in certain images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.
91cf13f6abb86654377d8a466daabf9aDolibarr ERP CRM versions 7.0.3 and below suffers from a remote PHP code injection vulnerability.
c3c0b8993ddf32695f9afefe4a832269This Metasploit module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to gain remote root access. The steps are: 1. Issue a POST request to /nagiosql/admin/settings.php which sets the database user to root. 2. SQLi on /nagiosql/admin/helpedit.php allows us to enumerate API keys. 3. The API keys are then used to add an administrative user. 4. An authenticated session is established with the newly added user 5. Command Injection on /nagiosxi/backend/index.php allows us to execute the payload with nopasswd sudo, giving us a root shell. 6. Remove the added admin user and reset the database user.
f275b1da0c15a7e7e5fae8036578d5d8This Metasploit module exploits a command injection vulnerability in Quest KACE Systems Management Appliance version 8.0.318 (and possibly prior). The download_agent_installer.php file allows unauthenticated users to execute arbitrary commands as the web server user www. A valid Organization ID is required. The default value is 1. A valid Windows agent version number must also be provided. If file sharing is enabled, the agent versions are available within the \\kace.local\client\agent_provisioning\windows_platform Samba share. Additionally, various agent versions are listed on the KACE website. This Metasploit module has been tested successfully on Quest KACE Systems Management Appliance K1000 version 8.0 (Build 8.0.318).
48ba6b06f4b01737a61a9c63d90ba594phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
40f298aed179561d60e3ea947664bb79Debian Linux Security Advisory 4228-1 - Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection.
34b2e7462bfa056a0c19bbce40b04c29The Event Manager PHP Script admin panel suffers from a remote SQL injection vulnerability in events_new.php.
83fb888284b894e89bd607800355654ePHP version 7.2.2 contains a memory corruption bug while parsing malformed HTTP response packets.
94cfa36bfbcf163bb9036ca89791986fPHP Dashboards NEW version 5.5 suffers from a remote SQL injection vulnerability.
d00ae116d2bf4184267f84bedd816657
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed