Twenty Year Anniversary
Showing 1 - 25 of 4,721 RSS Feed

PHP Files

Ubuntu Security Notice USN-3766-2
Posted Sep 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3766-2 - USN-3766-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, php
systems | linux, ubuntu
advisories | CVE-2018-14851
MD5 | a6da1b13303103e6972312ac2ca98410
Moodle 3.x PHP Unserialize Remote Code Execution
Posted Sep 19, 2018
Authored by Johannes Moritz | Site sec-consult.com

Moodle versions 3.5.2, 3.4.5, 3.3.8, and 3.1.14 suffer from a remote php unserialize code execution vulnerability.

tags | exploit, remote, php, code execution
advisories | CVE-2018-14630
MD5 | 4230dd49813d98f84c6358427e417b39
Ubuntu Security Notice USN-3766-1
Posted Sep 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3766-1 - It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, php
systems | linux, ubuntu
advisories | CVE-2015-9253
MD5 | 13f0348bda82b5ca1eba85e0d5b724d6
Slackware Security Advisory - php Updates
Posted Sep 17, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
MD5 | 5f3e62dec417873d80984702db0e07ef
PHP File Browser Script 1 Directory Traversal
Posted Sep 4, 2018
Authored by Ozkan Mustafa Akkus

PHP File Browser Script 1 suffers from a directory traversal vulnerability.

tags | exploit, php, file inclusion
MD5 | 8869edeebd781f2fcebd992664779415
Easylogin Pro 1.3.0 Remote Code Execution
Posted Aug 21, 2018
Authored by mr_me

Easylogin Pro version 1.3.0 suffers from an a deserialization issue in Encryptor.php that permits a code execution vulnerability.

tags | exploit, php, code execution
advisories | CVE-2018-15576
MD5 | 03801bbaa56a11377a136ef865c65bf3
Debian Security Advisory 4276-1
Posted Aug 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4276-1 - Fariskhi Vidyan and Thomas Jarosch discovered several vulnerabilities in php-horde-image, the image processing library for the Horde groupware suite. They would allow an attacker to cause a denial-of-service or execute arbitrary code.

tags | advisory, arbitrary, php, vulnerability
systems | linux, debian
advisories | CVE-2017-14650, CVE-2017-9773, CVE-2017-9774
MD5 | 84275deef406d84c7f82d6c07a2ae031
OCS Inventory NG Webconsole Shell Upload
Posted Aug 6, 2018
Authored by Simon Uvarov

OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.

tags | exploit, php, file upload
advisories | CVE-2018-14857
MD5 | f671f8d4d1775a87dfdb4e245c86573a
Debian Security Advisory 4262-1
Posted Aug 6, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4262-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to open redirects, cross-site request forgery, information disclosure, session fixation or denial of service.

tags | advisory, denial of service, php, vulnerability, info disclosure, csrf
systems | linux, debian
advisories | CVE-2016-2403, CVE-2017-1665, CVE-2017-16653, CVE-2017-16654, CVE-2017-16790, CVE-2018-11385, CVE-2018-11386, CVE-2018-11406
MD5 | 9d90561cb123024abe81fc4647a6aff3
PHP Template Store Script 3.0.6 Cross Site Scripting
Posted Aug 3, 2018
Authored by Sarafraz Khan

PHP Template Store Script version 3.0.6 suffers from persistent cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
advisories | CVE-2018-14869
MD5 | 955dd57ab80d69477021cb73445e4ecf
HRSale 1.0.6 Local File Disclosure
Posted Jul 31, 2018
Authored by ShanoWeb

HRSale HR Management PHP script version 1.0.6 suffers from a local file disclosure vulnerability.

tags | exploit, local, php, info disclosure
MD5 | 7359826a28a3b8ffd79965cd3b39d5bf
MicroFocus Secure Messaging Gateway Remote Code Execution
Posted Jul 31, 2018
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application without input validation and/or parameter binding, which leads to SQL injection vulnerability. Successfully exploiting this vulnerability gives a ability to add new user onto system. manage_domains_dkim_keygen_request.php endpoint is responsible for executing an operation system command. It's not possible to access this endpoint without having a valid session. Combining these vulnerabilities gives the opportunity execute operation system commands under the context of the web user.

tags | exploit, web, php, vulnerability, sql injection
advisories | CVE-2018-12464, CVE-2018-12465
MD5 | e1ed8b7a67ea6ddd018934d8c751a6d1
Vtiger CRM 6.3.0 Authenticated Logo Upload Remote Command Execution
Posted Jul 30, 2018
Authored by Benjamin Daniel Mussler, Touhid M.Shaikh | Site metasploit.com

Vtiger version 6.3.0 CRM's administration interface allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against vTiger CRM version 6.3.0.

tags | exploit, php
advisories | CVE-2015-6000, CVE-2016-1713
MD5 | 72429cacd6f8d8507d950f72f13a44cd
Super CMS Blog Pro PHP Script 1.0 Cross Site Scripting
Posted Jul 28, 2018
Authored by Guia Brahim Fouad

Super CMS Blog Pro PHP Script version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | 65c8fcb0181b7cc5639b9ffd8ad8014c
Super CMS Blog Pro PHP Script 1.0 SQL Injection / Shell Upload
Posted Jul 27, 2018
Authored by ShanoWeb

Super CMS Blog Pro PHP Script version 1.0 suffers from shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, php, vulnerability, sql injection
MD5 | 4d4af76da07a9471a1cd3679240ce824
NUUO NVRmini upgrade_handle.php Remote Command Execution
Posted Jul 24, 2018
Authored by Berk Dusunur

NUUO NVRmini suffers from a remote command execution vulnerability in upgrade_handle.php.

tags | exploit, remote, php
MD5 | 929ca4e4e4ddf2ac4f48d2373e20ba9b
Slackware Security Advisory - php Updates
Posted Jul 23, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
MD5 | 16dbf231d102e07198b15fae7baa2d9d
CMS Made Simple 2.2.5 Authenticated Remote Command Execution
Posted Jul 19, 2018
Authored by Jacob Robles, Mustafa Hasen | Site metasploit.com

CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory.

tags | exploit, php
advisories | CVE-2018-1000094
MD5 | 1cbcf8ed9ea5ef18b9981873d99697eb
phpMyAdmin Authenticated Remote Code Execution
Posted Jul 12, 2018
Authored by Jacob Robles, ChaMd5, Henry Huang | Site metasploit.com

phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1.

tags | exploit, local, php, file inclusion
advisories | CVE-2018-12613
MD5 | 8806abb9a5685ea849d530a130566416
Monstra CMS Authenticated Arbitrary File Upload
Posted Jul 11, 2018
Authored by Touhid M.Shaikh, Ishaq Mohammed | Site metasploit.com

Monstra CMS 3.0.4 allows users to upload arbitrary files which leads to remote command execution on the remote server. An attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against Monstra CMS 3.0.4.

tags | exploit, remote, arbitrary, php
advisories | CVE-2017-18048
MD5 | 7dbdf348dbb60d19f6dfcb69ab4f25d5
GitList 0.6.0 Argument Injection
Posted Jul 7, 2018
Authored by Kacper Szurek, Shelby Pace | Site metasploit.com

This Metasploit module exploits an argument injection vulnerability in GitList version 0.6.0. The vulnerability arises from GitList improperly validating input using the php function 'escapeshellarg'.

tags | exploit, php
MD5 | a1733d5d120783b5373e9c89db24e4a6
Debian Security Advisory 4240-1
Posted Jul 5, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4240-1 - Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.

tags | advisory, php, vulnerability
systems | linux, debian
advisories | CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549, CVE-2018-7584
MD5 | eaff28711d8000b812023696350c581c
Ubuntu Security Notice USN-3702-2
Posted Jul 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3702-2 - USN-3702-1 fixed a vulnerability in PHP. PHP 7.2.7 did not actually include the fix for CVE-2018-12882. This update adds a backported patch to correct the issue. It was discovered that PHP incorrectly handled exif tags in certain images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2018-12882
MD5 | 8fe6d115b16c29298453c43df9af9f61
Ubuntu Security Notice USN-3702-1
Posted Jul 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3702-1 - It was discovered that PHP incorrectly handled exif tags in certain images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2018-12882
MD5 | 91cf13f6abb86654377d8a466daabf9a
Dolibarr ERP CRM 7.0.3 Code Injection
Posted Jul 2, 2018
Authored by om3rcitak

Dolibarr ERP CRM versions 7.0.3 and below suffers from a remote PHP code injection vulnerability.

tags | exploit, remote, php
MD5 | c3c0b8993ddf32695f9afefe4a832269
Page 1 of 189
Back12345Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    18 Files
  • 21
    Sep 21st
    5 Files
  • 22
    Sep 22nd
    2 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close