YouPHPTube versions 7.7 and below suffer from a remote SQL injection vulnerability in getChat.json.php.
bda45fa0236ae4d5e784d5a3ac75112aWordPress Plainview Activity Monitor plugin is vulnerable to OS command injection which allows an attacker to remotely execute commands on the underlying system. Application passes unsafe user supplied data to ip parameter into activities_overview.php. Privileges are required in order to exploit this vulnerability. Vulnerable plugin version: 20161228 and possibly prior. Fixed plugin version: 20180826.
8bacd47eae727e0caea978775817a289Debian Linux Security Advisory 4576-1 - An out-of-bounds write vulnerability was discovered in php-imagick, a PHP extension to create and modify images using the ImageMagick API, which could result in denial of service, or potentially the execution of arbitrary code.
1c0c97a2183857fe2d941f5ce7401bafWhitepaper called Remote File Inclusion / Local File Inclusion Attack and Defense Techniques. This paper focuses on PHP-based attacks.
34f21e6ac1aa7a3653bb417dc20e8aafDebian Linux Security Advisory 4573-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization.
acccbf4720ec0e008144ea8d17fd7c82This Metasploit module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The exec.php file within the Operator Panel permits users with operator_panel_view permissions, or administrator permissions, to execute arbitrary commands as the web server user by sending a system command to the FreeSWITCH event socket interface. This module has been tested successfully on FusionPBX version 4.4.1 on Ubuntu 19.04 (x64).
8371c066836fe4c5336f32a7b5aa18d5This Metasploit module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with exec_view permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This module has been tested successfully on FusionPBX version 4.4.1 on Ubuntu 19.04 (x64).
f85a37b65def4dd691f01bcc8dc57001An issue was discovered in CMS Made Simple version 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection. This Metasploit module has been successfully tested on CMS Made Simple versions 2.2.6, 2.2.7, 2.2.8, 2.2.9 and 2.2.9.1.
3b3ade2ee27236b704dbdfaf2c3827c1Linear eMerge E3 versions 1.00-06 and below unauthenticated command injection remote root exploit that leverages card_scan_decoder.php.
44a9793e2a7284d735e5ee358d786e4bLinear eMerge E3 versions 1.00-06 and below unauthenticated command injection remote root exploit that leverages card_scan.php.
6bc7028052702f5b76c1733414371eb8This Metasploit module exploits an unauthenticated command injection vulnerability in rConfig versions 3.9.2 and prior. The install directory is not automatically removed after installation, allowing unauthenticated users to execute arbitrary commands via the ajaxServerSettingsChk.php file as the web server user. This module has been tested successfully on rConfig version 3.9.2 on CentOS 7.7.1908 (x64).
5a8c7959c835ac3cbcc733bb6b9b60acRed Hat Security Advisory 2019-3736-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue has been addressed.
f7aae271bc0791293c1bdcb48d0c78faRed Hat Security Advisory 2019-3735-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue has been addressed.
29b3ad7c82bcd6d2987d7e46cdcbccddRed Hat Security Advisory 2019-3724-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue has been addressed.
04147c22152bf5396f6d6a2a49fad314Red Hat Security Advisory 2019-3300-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue was addressed.
ea89ba3e13dae1bcf3172b6046169d59Red Hat Security Advisory 2019-3299-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and information leakage vulnerabilities.
0b3a743000a8d1ce9382590da63feba1Red Hat Security Advisory 2019-3286-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue was addressed.
a411df94a49b4d272eceff9bbc0ef65dRed Hat Security Advisory 2019-3287-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue was addressed.
6d6ec7c1a7537484209f9de4cb88fce8Mr Blog PHP suffers from cross site scripting and remote SQL injection vulnerabilities.
63ea465f4b8e72760edc56f1ad01e690Ubuntu Security Notice 4166-2 - USN-4166-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
ef6238f8e5b72babf4cb9b04e3a3e34bUbuntu Security Notice 4166-1 - It was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use this issue to execute arbitrary code.
5cf1387d2922807d678f4fbcef9868b0Gentoo Linux Security Advisory 201910-1 - A vulnerability in PHP might allow an attacker to execute arbitrary code. Versions less than 7.1.33 are affected.
29a50835bcd6457081d0c952655829f6waldronmatt FullCalendar-BS4-PHP-MySQL-JSON version 1.21 suffers from a cross site scripting vulnerability.
d7df4d782697a7e80efc7fa21b17f0b4waldronmatt FullCalendar-BS4-PHP-MySQL-JSON version 1.21 suffers from a remote SQL injection vulnerability.
83962e607813e599acbec494542b97c0This is a newer method to exploit php-fpm to achieve remote code execution when certain nginx with php-fpm configurations exist.
4cbdb53c733266a5189ec2df70c12e1b
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed