Twenty Year Anniversary
Showing 1 - 25 of 4,670 RSS Feed

PHP Files

Yahei PHP Prober 0.4.7 Cross Site Scripting
Posted Apr 9, 2018
Authored by ManhNho

Yahei PHP Prober version 0.4.7 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
advisories | CVE-2018-9238
MD5 | f12a62cb7579b29c118d5b72292a0c3e
ProcessMaker Plugin Code Execution
Posted Apr 3, 2018
Authored by Brendan Coles | Site metasploit.com

This Metasploit module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code as the web server user. Credentials for a valid user account with Administrator roles is required to run this module. This Metasploit module has been tested successfully on ProcessMaker versions 1.6-4276, 2.0.23, 3.0 RC 1, 3.2.0, 3.2.1 on Windows 7 SP 1; and version 3.2.0 on Debian Linux 8.

tags | exploit, web, php
systems | linux, windows, debian, 7
MD5 | 62ca13841303372ebfe7885ec8e1b271
Slackware Security Advisory - php Updates
Posted Apr 1, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
MD5 | a7016e23d3beb38a24d8e1e1f0708b2b
ClipBucket beats_uploader Unauthenticated Arbitrary File Upload
Posted Mar 26, 2018
Authored by Touhid M.Shaikh | Site metasploit.com

This Metasploit module exploits a vulnerability found in ClipBucket versions before 4.0.0 (Release 4902). A malicious file can be uploaded using an unauthenticated arbitrary file upload vulnerability. It is possible for an attacker to upload a malicious script to issue operating system commands. This issue is caused by improper session handling in /action/beats_uploader.php file. This Metasploit module was tested on ClipBucket before 4.0.0 - Release 4902 on Windows 7 and Kali Linux.

tags | exploit, arbitrary, php, file upload
systems | linux, windows, 7
MD5 | d2275d600b73e806af00c2c4d704c496
Ubuntu Security Notice USN-3600-1
Posted Mar 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3600-1 - It was discovered that PHP incorrectly handled certain stream metadata. A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 14.04 LTS. It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. Various other issues were also addressed.

tags | advisory, remote, arbitrary, php, xss
systems | linux, ubuntu
advisories | CVE-2016-10712, CVE-2018-5712, CVE-2018-7584
MD5 | 4120462fc6fd27b1ad02894820c93486
Debian Security Advisory 4142-1
Posted Mar 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4142-1 - Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to sensitive files located outside of the web root directory.

tags | advisory, remote, web, root, php
systems | linux, debian
advisories | CVE-2018-7490
MD5 | b27d21328ecc754819007e251a72861d
Red Hat Security Advisory 2018-0406-01
Posted Mar 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0406-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2017-7890
MD5 | 5a4ffbd2634a1a77f6456bcc55e8be27
Social Oauth Login PHP SQL Injection
Posted Feb 14, 2018
Authored by Borna Nematzadeh

Social Oauth Login PHP suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
MD5 | 50c6d42d491cdd52647e23330f7ba0bf
Ubuntu Security Notice USN-3566-1
Posted Feb 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3566-1 - It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php, xss
systems | linux, ubuntu
advisories | CVE-2017-12933, CVE-2017-16642, CVE-2018-5712
MD5 | 0b5c9a022daec85647b0067cd2617764
PHP Scripts Mall Doctor Search Script 1.0.2 Cross Site Scripting
Posted Feb 7, 2018
Authored by Prasenjit Kanti Paul

PHP Scripts Mall Doctor Search Script version 1.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
advisories | CVE-2018-6655
MD5 | be08ecb0a94b7c67c36583ccda5fc834
WordPress Core Denial Of Service
Posted Feb 6, 2018
Authored by Ali Razmjoo

WordPress load-scripts.php denial of service exploit.

tags | exploit, denial of service, php
advisories | CVE-2018-6389
MD5 | c5199aa5847b27d9f9ce21b843ab9fee
WordPress Core load-scripts.php Denial Of Service
Posted Feb 5, 2018
Authored by Barak Tawily

WordPress Core suffers from a load-scripts.php denial of service vulnerability.

tags | exploit, denial of service, php
advisories | CVE-2018-6389
MD5 | 7fb9f333287d6bceb67916a30184fc61
Slackware Security Advisory - php Updates
Posted Feb 4, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2018-5711, CVE-2018-5712
MD5 | f1eeaefa5650451e1a2567427e5c6303
Event Manager PHP Script 1.0 SQL Injection
Posted Feb 3, 2018
Authored by Ihsan Sencan

Event Manager PHP Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
advisories | CVE-2018-6576
MD5 | bc5abfcc22424338eaa96b3208042ce0
WordPress Splashing Images 2.1 Cross Site Scripting / PHP Object Injection
Posted Jan 26, 2018
Authored by Nicolas Buzy-Debat

WordPress Splashing Images plugin version 2.1 suffers from PHP object injection and cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
advisories | CVE-2018-6194, CVE-2018-6195
MD5 | 2074b9733bf382d13829e0d172ba5646
Kaltura Remote PHP Code Execution
Posted Jan 24, 2018
Authored by Robin Verton, Mehmet Ince | Site metasploit.com

This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hard-coded cookie secret which allows to sign arbitrary cookie data. After passing this signature check, the base64- decoded data is passed to PHPs unserialize() function which allows for code execution. The constructed object is again based on the SektionEins Zend code execution POP chain PoC. Kaltura versions prior to 13.1.0 are affected by this issue. A valid entry_id (which is required for this exploit) can be obtained from any media resource published on the kaltura installation. This Metasploit module was tested against Kaltura 13.1.0-2 installed on Ubuntu 14.04.

tags | exploit, web, arbitrary, php, code execution
systems | linux, ubuntu
advisories | CVE-2017-14143
MD5 | 378cc7a64ba0d3b9625bf7d0daeb9bd6
CMS Made Simple 2.2.5 moduleinterface.php m1_errors Cross Site Scripting
Posted Jan 24, 2018
Authored by Kyaw Min Thein

CMS Made Simple version 2.2.5 suffers from a reflective cross site scripting vulnerability in /admin/moduleinterface.php.

tags | advisory, php, xss
advisories | CVE-2018-5965
MD5 | d2044b874e380c62d644f523c1cd981f
CMS Made Simple 2.2.5 moduleinterface.php title Cross Site Scripting
Posted Jan 24, 2018
Authored by Kyaw Min Thein

CMS Made Simple version 2.2.5 suffers from a reflective cross site scripting vulnerability in /admin/moduleinterface.php.

tags | advisory, php, xss
advisories | CVE-2018-5964
MD5 | 2d3ebcdbc68d9092e39263cfe7528fbb
Debian Security Advisory 4094-1
Posted Jan 24, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4094-1 - It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty.

tags | advisory, arbitrary, php, code execution
systems | linux, debian
advisories | CVE-2017-1000480
MD5 | dfcee3b5f519bf8bee3c485dbbc05993
LiveZilla 7.0.6.0 Cross Site Scripting
Posted Jan 16, 2018
Authored by Tim Kretschmann

LiveZilla version 7.0.6.0 suffers from a cross site scripting vulnerability in knowledgebase.php.

tags | exploit, php, xss
advisories | CVE-2017-15869
MD5 | 269d0247d9cc0df479adf64266b91d9c
pfSense 2.1.3 status_rrd_graph_img.php Command Injection
Posted Jan 15, 2018
Authored by absolomb

pfSense versions 2.1.3 and below suffer from a status_rrd_graph_img.php command injection vulnerability.

tags | exploit, php
advisories | CVE-2014-4688
MD5 | 0119ea7e4ed56c2dfa60e99cdbfcc55b
Samsung SRN-1670D Web Viewer 1.0.0.193 Arbitrary File Read / Upload
Posted Jan 11, 2018
Authored by Omar Mezrag, Algeria, Realistic Security | Site metasploit.com

This Metasploit module exploits an unrestricted file upload vulnerability in Web Viewer 1.0.0.193 on Samsung SRN-1670D devices. The network_ssl_upload.php file allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing local file read vulnerability referenced by CVE-2015-8279, which allows remote attackers to read the web interface credentials by sending a request to: cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.

tags | exploit, remote, web, arbitrary, local, root, php, file upload
advisories | CVE-2015-8279, CVE-2017-16524
MD5 | a040c104d632cd4ba7549225102c8f38
Debian Security Advisory 4080-1
Posted Jan 10, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4080-1 - Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.

tags | advisory, php, vulnerability
systems | linux, debian
advisories | CVE-2017-11144, CVE-2017-11145, CVE-2017-11628, CVE-2017-12932, CVE-2017-12933, CVE-2017-12934, CVE-2017-16642
MD5 | 7a923ed447a8c3d28e10e24fe62a1992
Debian Security Advisory 4081-1
Posted Jan 10, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4081-1 - Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.

tags | advisory, php, vulnerability
systems | linux, debian
advisories | CVE-2017-11142, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11628, CVE-2017-12933, CVE-2017-16642
MD5 | fdb7bf3837629f4a8ca9b2cef7a169ad
VideoDuo 3.1 Cross Site Scripting
Posted Jan 6, 2018
Authored by ShanoWeb

VideoDuo Video Search Engine PHP script version 3.1 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | e2d8339c00f2cea48ab6ead24eb86774
Page 1 of 187
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    20 Files
  • 20
    Apr 20th
    7 Files
  • 21
    Apr 21st
    10 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close