exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 5,179 RSS Feed

PHP Files

Debian Security Advisory 5632-1
Posted Mar 15, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5632-1 - It was discovered that composer, a dependency manager for the PHP language, processed files in the local working directory. This could lead to local privilege escalation or malicious code execution. Due to a technical issue this email was not sent on 2024-02-26 like it should have.

tags | advisory, local, php, code execution
systems | linux, debian
advisories | CVE-2024-24821
SHA-256 | 41b32f3945ea62d6717b9bcf3c2f3261d62077b5c247d91363fa5b2bd9022945
MSMS-PHP 1.0 Shell Upload
Posted Mar 13, 2024
Authored by nu11secur1ty

MSMS-PHP version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, php
SHA-256 | 06dd3743528c052502c13e65a54289e54ef53298ff6beb4c6ee8a4810bae36df
MSMS-PHP 1.0 SQL Injection
Posted Mar 13, 2024
Authored by nu11secur1ty

MSMS-PHP version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 07a4b17a4586262f742fb0c1fbec3bfb2ad51bbc7b9e70e96de453b70e201f61
Artica Proxy 4.50 Unauthenticated PHP Deserialization
Posted Mar 6, 2024
Authored by Jaggar Henry | Site korelogic.com

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected.

tags | exploit, web, arbitrary, php, code execution
advisories | CVE-2024-2054
SHA-256 | 8e2ee354af5fde39323dcb9b78bd8d0b892172400746b1b66015b3a87cbd8630
Customer Support System 1.0 SQL Injection
Posted Mar 6, 2024
Authored by Geraldo Alcantara

Customer Support System version 1.0 suffers from a remote SQL injection vulnerability in /customer_support/ajax.php. Original discovery of SQL injection in this version is attributed to Ahmed Abbas in November of 2020.

tags | exploit, remote, php, sql injection
advisories | CVE-2023-50071
SHA-256 | 718d48eb7ca237f5f3ee83bb6118e210de87e3b83055bc4ece1ed2ad4b88e9d9
Ubuntu Security Notice USN-6671-1
Posted Mar 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6671-1 - It was discovered that php-nyholm-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use this issue to perform an HTTP header injection attack.

tags | advisory, remote, web, php
systems | linux, ubuntu
advisories | CVE-2023-29197
SHA-256 | 27772bf11ba58e6506ed22ecdca799a5cc5144ec12da1e50691c8a33285fc90d
Ubuntu Security Notice USN-6670-1
Posted Mar 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6670-1 - It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack.

tags | advisory, remote, web, php
systems | linux, ubuntu
advisories | CVE-2022-24775
SHA-256 | f678a48ca90812aa9d2b76350886677e9b4c1db467f139d16a69adc2ef646f7c
BoidCMS 2.0.0 Command Injection
Posted Mar 1, 2024
Authored by bwatters-r7, 1337kid | Site metasploit.com

This Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file.

tags | exploit, php
advisories | CVE-2023-38836
SHA-256 | 4be34ec34fdd2c459e03d46cbe61a319a411480ce0b82004ab5d83d8fcc669d1
Ubuntu Security Notice USN-6305-2
Posted Feb 27, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6305-2 - USN-6305-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.

tags | advisory, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-3823, CVE-2023-3824
SHA-256 | caacfeb4e539a353abe770f6325dbffce7919a619b169957ffad81b1917bb00b
Cacti pollers.php SQL Injection / Remote Code Execution
Posted Feb 5, 2024
Authored by Christophe de la Fuente, Aleksey Solovev | Site metasploit.com

This Metasploit exploit module leverages sql injection and local file inclusion vulnerabilities in Cacti versions prior to 1.2.26 to achieve remote code execution. Authentication is needed and the account must have access to the vulnerable PHP script (pollers.php). This is granted by setting the Sites/Devices/Data permission in the General Administration section.

tags | exploit, remote, local, php, vulnerability, code execution, sql injection, file inclusion
advisories | CVE-2023-49084, CVE-2023-49085
SHA-256 | b4ef67908324e2b53eac068bc36847b4c86d487875706d6d2339e053cc3970f0
Juniper SRX Firewall / EX Switch Remote Code Execution
Posted Feb 2, 2024
Authored by whiteOwl | Site whiteowl-pub.github.io

This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845. It executes the phpinfo() function on the login page of the target device, allowing to inspect the PHP configuration. This script also has the option to save the phpinfo() output to a file for further analysis.

tags | exploit, php, proof of concept
advisories | CVE-2023-36845
SHA-256 | 56c0a0ad9dba5be91bcf88dbed7e2234e764bf5d6166e8250dfe5f1920543e02
XenForo 2.2.13 ArchiveImport.php Zip Slip
Posted Jan 31, 2024
Authored by EgiX | Site karmainsecurity.com

XenForo versions 2.2.13 and below suffer from a zip slip filename traversal vulnerability in ArchiveImport.php.

tags | exploit, php
SHA-256 | 5deccbdac2cfe207ec995833b611569397b53b3acedb61fbd211edfe7bb16b0d
Vinchin Backup And Recovery 7.2 SystemHandler.class.php Command Injection
Posted Jan 26, 2024
Authored by Valentin Lobstein

Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in SystemHandler.class.php.

tags | exploit, php
advisories | CVE-2024-22903
SHA-256 | dc8db7a93b49f089a2c51bccac868cf579a7563c72b570b389665c44bbc72c33
Red Hat Security Advisory 2024-0387-03
Posted Jan 25, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0387-03 - An update for the php:8.1 module is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, php
systems | linux, redhat
advisories | CVE-2023-0567
SHA-256 | 9e341b2e86799d9ac8b07a6ec52cc960f726908e4657fdedf47b8b3de3a9fd76
WordPress Backup Migration 1.3.7 Remote Command Execution
Posted Jan 18, 2024
Authored by jheysel-r7, Valentin Lobstein, Nex Team | Site metasploit.com

This Metasploit module exploits an unauthenticated remote command execution vulnerability in WordPress Backup Migration plugin versions 1.3.7 and below. The vulnerability is exploitable through the Content-Dir header which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php endpoint. The exploit makes use of a neat technique called PHP Filter Chaining which allows an attacker to prepend bytes to a string by continuously chaining character encoding conversions. This allows an attacker to prepend a PHP payload to a string which gets evaluated by a require statement, which results in command execution.

tags | exploit, remote, php
advisories | CVE-2023-6553
SHA-256 | 1feecca12306422ebe993c3821d87be77ad3056e719f9dcbae7c033f156e447f
Ubuntu Security Notice USN-6550-1
Posted Dec 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6550-1 - It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. It was discovered that Moment.js, that is integrated in the PostfixAdmin code, was using an inefficient parsing algorithm when processing date strings in the RFC 2822 standard. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2022-29221, CVE-2022-31129, CVE-2023-28447
SHA-256 | 63590f2a95686afe65ce57bda6bffeb19c1b4db5f13381940d89cd04952491fd
ISPConfig 3.2.11 PHP Code Injection
Posted Dec 8, 2023
Authored by EgiX | Site karmainsecurity.com

ISPConfig versions 4.2.11 and below suffer from a PHP code injection vulnerability in language_edit.php.

tags | exploit, php
advisories | CVE-2023-46818
SHA-256 | d5776b6c39736c11bc5b6ee2bae4179fb341f58ff08665b96718f64ac8b63242
MagnusBilling Remote Command Execution
Posted Nov 14, 2023
Authored by h00die-gr3y, Eldstal | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in MagnusBilling application versions 6.x and 7.x that allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. A piece of demonstration code is present in lib/icepay/icepay.php, with a call to an exec(). The parameter to exec() includes the GET parameter democ, which is controlled by the user and not properly sanitised/escaped. After successful exploitation, an unauthenticated user is able to execute arbitrary OS commands. The commands run with the privileges of the web server process, typically www-data or asterisk. At a minimum, this allows an attacker to compromise the billing system and its database.

tags | exploit, remote, web, arbitrary, php
advisories | CVE-2023-30258
SHA-256 | 62af9cc329c88e7f145a1675e178871c1a75c9da5de26c8c623bef2bde4a73c2
phpFox 4.8.13 PHP Object Injection
Posted Oct 27, 2023
Authored by EgiX | Site karmainsecurity.com

phpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.

tags | exploit, remote, arbitrary, php
advisories | CVE-2023-46817
SHA-256 | ee85170a47f6253886312ffd969da7bc6af218c972178b1c78103cec1ae79a03
SugarCRM 13.0.1 Server-Side Template Injection
Posted Oct 27, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be leveraged to execute arbitrary php code.

tags | exploit, arbitrary, php
SHA-256 | 482a650864ca894b028d96d1341d94b0fd22a59191625c172302fe115ad4deb5
Ubuntu Security Notice USN-6199-2
Posted Oct 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6199-2 - USN-6199-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information.

tags | advisory, php
systems | linux, ubuntu
advisories | CVE-2023-3247
SHA-256 | e46b12e2ae2685b34c9735991a469a71e79fcd955c1df600d8da3956401fe3d8
Red Hat Security Advisory 2023-5927-01
Posted Oct 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5927-01 - An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, php
systems | linux, redhat
advisories | CVE-2023-0567
SHA-256 | 46c527bdcfb2145b61c0830ad98c9738174c2195ac8e1cd6200c84896fdfff5d
Red Hat Security Advisory 2023-5926-01
Posted Oct 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5926-01 - An update for php is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, php
systems | linux, redhat
advisories | CVE-2023-0567
SHA-256 | f7b3d25853c407b0835193e19c69c5d5226d02c94935df3692d13b2fede8c6ec
Juniper SRX Firewall / EX Switch Remote Code Execution
Posted Oct 2, 2023
Authored by Ron Bowes, Jacob Baines, jheysel-r7 | Site metasploit.com

This Metasploit module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices running FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The first being auto_prepend_file which causes the provided file to be added using the require function. The second PHP function is allow_url_include which allows the use of URL-aware fopen wrappers. By enabling allow_url_include, the exploit can use any protocol wrapper with auto_prepend_file. The module then uses data:// to provide a file inline which includes the base64 encoded PHP payload. By default this exploit returns a session confined to a FreeBSD jail with limited functionality. There is a datastore option JAIL_BREAK, that when set to true, will steal the necessary tokens from a user authenticated to the J-Web application, in order to overwrite the root password hash. If there is no user authenticated to the J-Web application this method will not work. The module then authenticates with the new root password over SSH and then rewrites the original root password hash to /etc/master.passwd.

tags | exploit, web, root, php, protocol
systems | freebsd, bsd, juniper
advisories | CVE-2023-36845
SHA-256 | 23552b23e1cc0e2022181944f8894c8f7203e6893e7d1127561c3ffd867b9517
WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection
Posted Sep 19, 2023
Authored by Marco Wotschka | Site wordfence.com

WordPress Essential Blocks plugin versions 4.2.0 and below and Essential Blocks Pro versions 1.1.0 and below suffer from multiple PHP object injection vulnerabilities.

tags | exploit, php, vulnerability
advisories | CVE-2023-4386, CVE-2023-4402
SHA-256 | 3bc456da9e240b7476040544d3e4f0b5fa6f68d4e3ad65a015be529481ab73ad
Page 1 of 208
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close