exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 5,099 RSS Feed

PHP Files

Ubuntu Security Notice USN-5818-1
Posted Jan 23, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5818-1 - It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2022-31631
SHA-256 | 5e3f991b525cb556d7f98923b6dc146a9a8e1bee769113d7ded701c12dd365aa
PHP Hazir Haber Sitesi Scripti 3 SQL Injection
Posted Jan 18, 2023
Authored by CraCkEr

PHP Hazir Haber Sitesi Scripti version 3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | a4e42a51639e0e659d8154ab6fba242013474c26b51d42f601449cdabf720418
Tiki Wiki CMS Groupware 24.1 tikiimporter_blog_wordpress.php PHP Object Injection
Posted Jan 10, 2023
Authored by EgiX | Site karmainsecurity.com

Tiki Wiki CMS Groupware versions 24.1 and below suffer from a PHP object injection vulnerability in tikiimporter_blog_wordpress.php.

tags | exploit, php
advisories | CVE-2023-22851
SHA-256 | 1b6698ff49dd75e5444eb0fdffd03d9806fd9c813b8e9255172cc30fc8eee07c
Tiki Wiki CMS Groupware 24.0 grid.php PHP Object Injection
Posted Jan 10, 2023
Authored by EgiX | Site karmainsecurity.com

Tiki Wiki CMS Groupware versions 24.0 and below suffers from a PHP object injection vulnerability in grid.php.

tags | exploit, php
advisories | CVE-2023-22580
SHA-256 | 2ec6d4c5f2c778a5cba091671d5430e465c12ac9843c5cd81c7a60ef025d78c5
Tiki Wiki CMS Groupware 24.0 structlib.php Code Execution
Posted Jan 10, 2023
Authored by EgiX | Site karmainsecurity.com

Tiki Wiki CMS Groupware versions 24.0 and below suffer from a PHP code injection vulnerability in structlib.php.

tags | exploit, php
advisories | CVE-2023-22853
SHA-256 | 78cc87727c56dfa65396d9be9770b8f57ca776f333384898c9697700f5975390
Linear eMerge E3-Series Access Controller Command Injection
Posted Jan 5, 2023
Authored by h00die-gr3y, Gjoko Krstic | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the Linear eMerge E3-Series Access Controller. The Linear eMerge E3 versions 1.00-06 and below are vulnerable to unauthenticated command injection in card_scan_decoder.php via the No and door HTTP GET parameter. Successful exploitation results in command execution as the root user.

tags | exploit, web, root, php
advisories | CVE-2019-7256
SHA-256 | 1fd51575a69b265ae06a105677705b12fb58d93fd9bd59aaebb488726841bfee
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x traceroute.php Conditional Command Injection
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a conditional command injection vulnerability in traceroute.php.

tags | exploit, php
SHA-256 | 493fb94bb96a88e40abd33e5eccebbff52f80b0de903d6bad482c12681edc5d7
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x ping.php Command Injection
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x and below suffer from a conditional command injection vulnerability in ping.php.

tags | exploit, php
SHA-256 | ade832b5db9e3a83e1ab939037cf7ceb6613442fdf7944335ad9f3f638d97f84
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x dns.php Command Injection
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x and below suffer from a conditional command injection vulnerability in dns.php.

tags | exploit, php
SHA-256 | 29a3f77080209e96ce853753006ab37df305d0ac4c6d034a7504f2376215c2ba
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x ICMP Flood Attack
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below allow an unauthenticated attacker to send network signals to an arbitrary target host that can be abused in an ICMP flooding attack. This includes the utilization of the ping, traceroute and nslookup commands through ping.php, traceroute.php and dns.php respectively.

tags | exploit, arbitrary, php
SHA-256 | 81c669280d4737e923eb0b0a5259214bbdd51f21c8109143eeadbef36025d06c
Spitfire CMS 1.0.475 PHP Object Injection
Posted Dec 10, 2022
Authored by LiquidWorm | Site zeroscience.mk

Spitfire CMS version 1.0.475 is prone to a PHP object injection vulnerability due to the unsafe use of unserialize() function. A potential attacker, authenticated, could exploit this vulnerability by sending specially crafted requests to the web application containing malicious serialized input.

tags | exploit, web, php
SHA-256 | 3c6793041f6ef605d3f154b6af494fe31faa2d9c2220beafffe81f474b92710d
vBulletin 5.5.2 PHP Object Injection
Posted Nov 28, 2022
Authored by EgiX | Site karmainsecurity.com

vBulletin versions 5.5.2 and below suffers from an issue where user input passed through the "messageids" request parameter to /ajax/api/vb4_private/movepm is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope, allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.

tags | exploit, arbitrary, php
SHA-256 | 642eb80065f04eaf2d94765043c9d033ac86f7e4e3dda966ce90660dd7167e15
ChurchInfo 1.2.13-1.3.0 Remote Code Execution
Posted Nov 21, 2022
Authored by m4lwhere | Site metasploit.com

This Metasploit module exploits the logic in the CartView.php page when crafting a draft email with an attachment. By uploading an attachment for a draft email, the attachment will be placed in the /tmp_attach/ folder of the ChurchInfo web server, which is accessible over the web by any user. By uploading a PHP attachment and then browsing to the location of the uploaded PHP file on the web server, arbitrary code execution as the web daemon user (e.g. www-data) can be achieved.

tags | exploit, web, arbitrary, php, code execution
advisories | CVE-2021-43258
SHA-256 | d722a625744f0e9dc54c97184f41f3a6b314c7e49874af507dfdc2295535278e
Gentoo Linux Security Advisory 202211-03
Posted Nov 21, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202211-3 - Multiple vulnerabilities have been found in PHP, the worst of which could result in arbitrary code execution. Versions less than 7.4.33:7.4 are affected.

tags | advisory, arbitrary, php, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-31628, CVE-2022-31629, CVE-2022-31630, CVE-2022-37454
SHA-256 | 9a1678e24b2e3feff0e005708de8cc73ed15cb45dc823e4705b0397f6d11473c
WordPress BeTheme 26.5.1.4 PHP Object Injection
Posted Nov 21, 2022
Authored by Julien Ahrens | Site rcesecurity.com

WordPress BeTheme theme version 26.5.1.4 suffers from multiple PHP object injection vulnerabilities when processing input.

tags | exploit, php, vulnerability
advisories | CVE-2022-3861
SHA-256 | 796d230d939138bf65ab0ead41b12275e53550798cf863b9b6609b758208dec5
Revenue Collection System 1.0 SQL Injection / Remote Code Execution
Posted Nov 16, 2022
Authored by Joe Pollock

Revenue Collection System version 1.0 suffers from an unauthenticated SQL injection vulnerability in step1.php that allows remote attackers to write a malicious PHP file to disk. The resulting file can then be accessed within the /rates/admin/DBbackup directory. This script will write the malicious PHP file to disk, issue a user-defined command, then retrieve the result of that command.

tags | exploit, remote, php, sql injection
SHA-256 | b41c4f6c71ea1156cfd52b2bd3c354cdb2fc0372d5b22d463c64b50c55b777c0
Red Hat Security Advisory 2022-8197-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8197-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include a use-after-free vulnerability.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2021-21708, CVE-2022-31625
SHA-256 | dfa4ba3a8f5bac10045d7af5418b2b2f6dfbbfec6600496114ef424d62963e2a
Debian Security Advisory 5277-1
Posted Nov 14, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5277-1 - Multiple security issues were discovered in PHP, a widely-used open source general purpose scripting language which could result an denial of service, information disclosure, insecure cooking handling or potentially the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, php, info disclosure
systems | linux, debian
advisories | CVE-2022-31628, CVE-2022-31629, CVE-2022-31630, CVE-2022-37454
SHA-256 | 40cb66a9c0c2167146b80561176a952e5901d8ea040e6b36e934347e7c5f4ac6
Ubuntu Security Notice USN-5717-1
Posted Nov 9, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5717-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise the data It was discovered that PHP incorrectly handled certain image fonts. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.10, and Ubuntu 22.04 LTS.

tags | advisory, denial of service, php
systems | linux, ubuntu
advisories | CVE-2022-31628, CVE-2022-31629, CVE-2022-31630, CVE-2022-37454
SHA-256 | 5d9c5fa429c56df30e64215e02fbcce857d17b47d4d6b19014cc6d97a3a22070
Red Hat Security Advisory 2022-7628-01
Posted Nov 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7628-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include traversal and use-after-free vulnerabilities.

tags | advisory, web, php, vulnerability
systems | linux, redhat
advisories | CVE-2021-21707, CVE-2021-21708, CVE-2021-32610
SHA-256 | c5085c33c69a944a83481bcd51491bb584588fdd62e2fb35c3424bbef37bc4ef
Red Hat Security Advisory 2022-7624-01
Posted Nov 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7624-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include a use-after-free vulnerability.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2021-21708, CVE-2022-31625
SHA-256 | 383719188b4c5fdaebed389731356ddaf619da41c86a09c6934ae4b8e144c378
Red Hat Security Advisory 2022-7340-01
Posted Nov 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7340-01 - The php-pear package contains the PHP Extension and Application Repository, a framework and distribution system for reusable PHP components. Issues addressed include file overwrite and traversal vulnerabilities.

tags | advisory, php, vulnerability
systems | linux, redhat
advisories | CVE-2020-28948, CVE-2020-28949, CVE-2020-36193
SHA-256 | a7fa9058c1eedb244721abe0a8c951c08858548c0d0aa8043efb04595a1418a9
FLIR AX8 1.46.16 Remote Command Injection
Posted Nov 2, 2022
Authored by Samy Younsi, Thomas Knudsen, h00die-gr3y | Site metasploit.com

All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to remote command injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. This module uses the vulnerability to upload and execute payloads gaining root privileges.

tags | exploit, remote, web, arbitrary, shell, root, php
advisories | CVE-2022-37061
SHA-256 | a321cd3e8960e684cbab1cd82bb0f9be0cda474af87c57e7f89fa9aaa83b6bca
GLPI 10.0.2 Command Injection
Posted Oct 25, 2022
Authored by bwatters-r7, cosad3s | Site metasploit.com

This Metasploit module exploits an unauthenticated PHP command injection vulnerability in GLPI versions 10.0.2 and below to execute a command.

tags | exploit, php
advisories | CVE-2022-35914
SHA-256 | 529159bd26d8ef9713fdda0560ec98c0fd7749d335736c9d27898c59fbf09efb
Knap Advanced PHP Login 3.1.3 Cross Site Scripting
Posted Oct 17, 2022
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

Knap Advanced PHP Login version 3.1.3 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | 614d92bacad275d4005a3277aea3306bf2224850a51e6f1260dfaec0f7ea72ca
Page 1 of 204
Back12345Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close