PHP Login and User Management versions 4.1.0 and below suffers from a remote shell upload vulnerability.
bd0631b0840255f200ab219736fbbaaaPHP Dash boards version 4.5 suffers from multiple remote SQL injection vulnerabilities.
0717e9023e1b634b5897677145125975NewsBee CMS version 1.4 suffers from a remote SQL injection vulnerability in home-text-edit.php.
cefa5350f0ab6bfdef55bcda50287284NewsBee CMS version 1.4 suffers from a remote SQL injection vulnerability in download.php.
bd063be441154d34a627459e352d2d42Private Message PHP Script version 2.0 suffers from a persistent cross site scripting vulnerability.
898cd42a9398106dd12a7924188c7bb2Wchat PHP AJAX Chat Script version 1.5 suffers from a persistent cross site scripting vulnerability.
f581a1f41ea6f01cdb6ce90c2cc33f97Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and 14.2 to fix security issues.
a8f21befcaeda522f47af64b6d0c5282Ubuntu Security Notice 3646-2 - USN-3646-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. Various other issues were also addressed.
ae0a82d9affb22e21c4f389ad7789281Ubuntu Security Notice 3600-2 - USN-3600-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. Various other issues were also addressed.
79bbde3d1fefb3d77b138ef00b9b7370Ubuntu Security Notice 3646-1 - It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. It was discovered that the PHP iconv stream filter incorrect handled certain invalid multibyte sequences. A remote attacker could possibly use this issue to cause PHP to hang, resulting in a denial of service. Various other issues were also addressed.
671fb2061c1fff15655f741886b1e10aMantis versions 1.1.3 and earlier are vulnerable to a post-authentication remote code execution vulnerability in the sort parameter of the manage_proj_page.php page.
1357cfcb1f87c0ce0787fbc307d1bb01The WordPress User Role Editor plugin prior to v4.25, is lacking an authorization check within its update user profile functionality ("update" function, contained within the "class-user-other-roles.php" module). Instead of verifying whether the current user has the right to edit other users' profiles ("edit_users" WP capability), the vulnerable function verifies whether the current user has the rights to edit the user ("edit_user" WP function) specified by the supplied user id ("user_id" variable/HTTP POST parameter). Since the supplied user id is the current user's id, this check is always bypassed (i.e. the current user is always allowed to modify its profile). This vulnerability allows an authenticated user to add arbitrary User Role Editor roles to its profile, by specifying them via the "ure_other_roles" parameter within the HTTP POST request to the "profile.php" module (issued when "Update Profile" is clicked). By default, this module grants the specified WP user all administrative privileges, existing within the context of the User Role Editor plugin.
21f2f7e73a000aa53bc81c6bd2ac2518This Metasploit module exploits an authenticated file upload remote code execution vulnerability in PlaySMS version 1.4. This issue is caused by improper file contents handling in import.php (aka the Phonebook import feature). Authenticated Users can upload a CSV file containing a malicious payload via vectors involving the User-Agent HTTP header and PHP code in the User-Agent. This Metasploit module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7.
f976c4045dcaba09573750799d5fb25aThis Metasploit module exploits a code injection vulnerability within an authenticated file upload feature in PlaySMS version 1.4. This issue is caused by improper file name handling in sendfromfile.php file. Authenticated Users can upload a file and rename the file with a malicious payload. This Metasploit module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7.
2580a04744c23352ceb458505fd66e3dRed Hat Security Advisory 2018-1296-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php. Issues addressed include buffer overflow, cross site scripting, denial of service, heap overflow, remote file inclusion, and use-after-free vulnerabilities.
74d414cb061c5ffff37e0dd0dcbd14faIf the /install/ directory was not removed, it is possible for an unauthenticated attacker to run the "install_4.php" script, which will create the configuration file for the installation. This allows the attacker to inject PHP code into the configuration file and execute it.
87ed86a0d1878037791e43a36f9d7694This Metasploit module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below. This allows the attacker to execute arbitrary php code as the context of the web user.
f41618034e1f76ddd17f42794e9dc6c3Yahei PHP Prober version 0.4.7 suffers from a cross site scripting vulnerability.
f12a62cb7579b29c118d5b72292a0c3eThis Metasploit module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code as the web server user. Credentials for a valid user account with Administrator roles is required to run this module. This Metasploit module has been tested successfully on ProcessMaker versions 1.6-4276, 2.0.23, 3.0 RC 1, 3.2.0, 3.2.1 on Windows 7 SP 1; and version 3.2.0 on Debian Linux 8.
62ca13841303372ebfe7885ec8e1b271Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
a7016e23d3beb38a24d8e1e1f0708b2bThis Metasploit module exploits a vulnerability found in ClipBucket versions before 4.0.0 (Release 4902). A malicious file can be uploaded using an unauthenticated arbitrary file upload vulnerability. It is possible for an attacker to upload a malicious script to issue operating system commands. This issue is caused by improper session handling in /action/beats_uploader.php file. This Metasploit module was tested on ClipBucket before 4.0.0 - Release 4902 on Windows 7 and Kali Linux.
d2275d600b73e806af00c2c4d704c496Ubuntu Security Notice 3600-1 - It was discovered that PHP incorrectly handled certain stream metadata. A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 14.04 LTS. It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. Various other issues were also addressed.
4120462fc6fd27b1ad02894820c93486Debian Linux Security Advisory 4142-1 - Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to sensitive files located outside of the web root directory.
b27d21328ecc754819007e251a72861dRed Hat Security Advisory 2018-0406-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function.
5a4ffbd2634a1a77f6456bcc55e8be27Social Oauth Login PHP suffers from a remote SQL injection vulnerability that allows for authentication bypass.
50c6d42d491cdd52647e23330f7ba0bf
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed