PHP-Fusion version 9.03.50 has been found susceptible to additional methods of persistent cross site scripting. Initial findings in this version were discovered by SunCSR.
1ddd5d7ad012d226ccc8051352c24f77PHP-Fusion version 9.03.50 suffers from a remote SQL injection vulnerability.
0a1a9de287822195e0373a79ec7c6409This Metasploit module exploits a command execution in Pi-Hole versions 4.4 and below. A new blocklist is added, and then an update is forced (gravity) to pull in the blocklist content. PHP content is then written to a file within the webroot. Phase 1 writes a sudo pihole command to launch teleporter, effectively running a privilege escalation. Phase 2 writes our payload to teleporter.php, overwriting the content. Lastly, the phase 1 PHP file is called in the web root, which launches our payload in teleporter.php with root privileges.
45a7854959d2d37b594d4f7a3b3c052eThis Metasploit module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based Netsweeper 6.4.3 and 6.4.4 ISOs. Though the advisory lists 6.4.3 and prior as vulnerable, 6.4.4 has been confirmed exploitable.
f3a7e388a69ddecf6195fe24bcc68477Ubuntu Security Notice 4330-2 - USN-4330-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. Various other issues were also addressed.
fa624b67647513f5623dee65a7767548This Metasploit module exploits an authenticated OS command injection vulnerability found in Trixbox CE versions 1.2.0 through 2.8.0.4 inclusive in the network POST parameter of the /maint/modules/endpointcfg/endpoint_devicemap.php page. Successful exploitation allows for arbitrary command execution on the underlying operating system as the asterisk user. Users can easily elevate their privileges to the root user however by executing sudo nmap --interactive followed by !sh from within nmap.
fd5084cbbf34c562fd7812f4604bd3ebPHP-Fusion version 9.03.50 suffers from a persistent cross site scripting vulnerability.
939a3889a23fef8e94256b55ad25eb83Red Hat Security Advisory 2020-1624-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, information leakage, integer overflow, and out of bounds read vulnerabilities.
654cda5bc83e59369a9511877f52d8d1POS PHP version 17.5 suffers from a persistent cross site scripting vulnerability.
9ea244b2cacb29f6ff2b2cd4f4581e8ePHP-Fusion version 9.03.50 suffers from an arbitrary file upload vulnerability.
e36604a9b6dcdb3914f2f4ead087df72QRadar Community Edition version 7.3.1.6 suffers from a php object injection vulnerability.
829d59fdbec4c7b0c02f591307aaf419This Metasploit module exploits two vulnerabilities affecting Unraid 6.8.0. An authentication bypass is used to gain access to the administrative interface, and an insecure use of the extract PHP function can be abused for arbitrary code execution as root.
66f62527f36bfb07368dcaf7a3f1185bUbuntu Security Notice 4330-1 - It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. Various other issues were also addressed.
0fda62773a60658789b8a8c4895924f6This Metasploit module exploits one of two PHP injection vulnerabilities in the ThinkPHP web framework to execute code as the web user. Versions up to and including 5.0.23 are exploitable, though 5.0.23 is vulnerable to a separate vulnerability. The module will automatically attempt to detect the version of the software. Tested against versions 5.0.20 and 5.0.23 as can be found on Vulhub.
e63e44c2cb033ac880ece4ae4c6a8e43This Metasploit module exploits a vulnerability found in Pandora FMS 7.0NG and lower. net_tools.php in Pandora FMS 7.0NG allows remote attackers to execute arbitrary OS commands.
374a0703e200b94ffbbf77b7a5abd7aeThis Metasploit module exploits a preauth Server-Side Template Injection vulnerability that leads to remote code execution in PlaySMS before version 1.4.3. This issue is caused by double processing a server-side template with a custom PHP template system called TPL which is used in the PlaySMS template engine at src/Playsms/Tpl.php:_compile(). The vulnerability is triggered when an attacker supplied username with a malicious payload is submitted. This malicious payload is then stored in a TPL template which when rendered a second time, results in code execution.
e40284c5a13747da60aa031e3cb3795ePandora FMS version 7.0NG suffers from a net_tools.php remote code execution vulnerability.
a6cfa63dd5a875fd53b5c5870eff7bb8Red Hat Security Advisory 2020-1112-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include a cross site scripting vulnerability.
2338e48855ba82f7c68e6c201ba27ab5Gentoo Linux Security Advisory 202003-57 - Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands. Versions less than 7.4.4 are affected.
85210e8571101874bcb1b27191b4ee83The Horde_Data module version 2.1.4 (and before) present in Horde Groupware version 5.2.22 allows authenticated users to inject arbitrary PHP code thus achieving remote code execution the server hosting the web application.
f0c7e4ae9064e2e1fa8b38b7392b0984rConfig version 3.9.4 suffers from a search.crud.php remote command injection vulnerability.
825dfc3c3e408b5672224d857d18de7bGentoo Linux Security Advisory 202003-38 - A vulnerability in Imagick PHP extension might allow an attacker to execute arbitrary code. Versions less than 3.4.4 are affected.
0580d03589f01e0c41eeade5fbe8277dPHPKB Multi-Language 9 suffers from an image-upload.php remote authenticated code execution vulnerability.
23b7b80b97e434ce09334e208f32fa38Horde Groupware Webmail Edition version 5.2.22 suffers from a PHP file inclusion vulnerability.
d2b595c8544f4d3d4cd3488e79c4933drConfig version 3.93 suffers from an authenticated ajaxAddTemplate.php remote code execution vulnerability.
85d122ff0df2067290a863cffe078fa7
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed