exploit the possibilities
Showing 1 - 25 of 4,832 RSS Feed

PHP Files

Ubuntu Security Notice USN-4097-2
Posted Aug 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4097-2 - USN-4097-1 fixed several vulnerabilities in php5. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-11041
MD5 | 78dca1533d9f697a55b2bb9ad0c98d47
Ubuntu Security Notice USN-4097-1
Posted Aug 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4097-1 - It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2019-11041
MD5 | 8f4b0ec2ca1de60068711607cd3619f2
Joomla JS Support Ticket 1.1.6 SQL Injection
Posted Aug 12, 2019
Authored by qw3rTyTy

Joomla JS Support Ticket component version 1.1.6 suffers from a remote SQL injection vulnerability in ticketreply.php.

tags | exploit, remote, php, sql injection
MD5 | 3ea9e32ea71f28703d1ccfca184e503f
BSI Advance Hotel Booking System 2.0 Cross Site Scripting
Posted Aug 12, 2019
Authored by Angelo Ruwantha

BSI Advance Hotel Booking System version 2.0 suffers from a persistent cross site scripting vulnerability in booking_details.php.

tags | exploit, php, xss
advisories | CVE-2014-4035
MD5 | cb91e2a4b389dc6caaadf2ebafb7bb6d
Joomla JS Support Ticket 1.1.6 Arbitrary File Deletion
Posted Aug 12, 2019
Authored by qw3rTyTy

Joomla JS Support Ticket component version 1.1.6 suffers from an arbitrary file deletion vulnerability in ticket.php.

tags | exploit, arbitrary, php
MD5 | d5c4574a75aefd5ce55aeb970189d93d
UNA 10.0.0 RC1 Cross Site Scripting
Posted Aug 12, 2019
Authored by Greg Priest

UNA version 10.0.0 RC1 suffers from a persistent cross site scripting vulnerability in polyglot.php.

tags | exploit, php, xss
advisories | CVE-2019-14804
MD5 | ec9eee5192777cb8c329f9ce8f2c7370
Joomla JS Jobs 1.2.5 SQL Injection
Posted Aug 12, 2019
Authored by qw3rTyTy

Joomla JS Jobs component version 1.2.5 suffers from a remote SQL injection vulnerability in cities.php.

tags | exploit, remote, php, sql injection
MD5 | 8f0f4fdcefb3d109c21dff30c8ed8860
osTicket 1.12 Cross Site Scripting
Posted Aug 11, 2019
Authored by Aishwarya Iyer

An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.

tags | exploit, php, xss
advisories | CVE-2019-14750
MD5 | e8e356d6eb5ab1df3d21abcb7dadd26f
Ubuntu Security Notice USN-4088-1
Posted Aug 7, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4088-1 - It was discovered that PHP incorrectly handled certain regular expressions. An attacker could possibly use this issue to expose sensitive information, cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2019-13224
MD5 | ed4b58bc7094ad86318294e6a345fed2
Active PHP Bookmarks 1.3 SQL Injection
Posted Aug 5, 2019
Authored by Todor Donev

Active PHP Bookmarks version 1.3 suffer from a cookie_auth error-based remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 95549322c6d6c54be90a59cfcd3af5fc
Yahei-PHP Prober 0.4.7 HTML Injection
Posted Jul 25, 2019
Authored by LiquidWorm | Site zeroscience.mk

Yahei-PHP Prober version 0.4.7 (speed) suffers from a remote html injection vulnerability.

tags | exploit, remote, php
MD5 | eb98108b01a92b8fac447bf19361759a
PHP Laravel Framework Token Unserialize Remote Command Execution
Posted Jul 15, 2019
Authored by aushack, Stale Pettersen | Site metasploit.com

This Metasploit module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x up to 5.6.29. Remote command execution is possible via a correctly formatted HTTP X-XSRF-TOKEN header, due to an insecure unserialize call of the decrypt method in Illuminate/Encryption/Encrypter.php. Authentication is not required, however exploitation requires knowledge of the Laravel APP_KEY. Similar vulnerabilities appear to exist within Laravel cookie tokens based on the code fix. In some cases the APP_KEY is leaked which allows for discovery and exploitation.

tags | exploit, remote, web, php, vulnerability
advisories | CVE-2017-16894, CVE-2018-15133
MD5 | 7094c48d642dbb2c66067663c6ef39d9
FaceSentry Access Control System 6.4.8 Reflected Cross Site Scripting
Posted Jul 1, 2019
Authored by LiquidWorm | Site zeroscience.mk

FaceSentry Access Control System version 6.4.8 is vulnerable to multiple cross site scripting vulnerabilities. This issue is due to the application's failure to properly sanitize user-supplied input thru the 'msg' parameter (GET) in pluginInstall.php script. An attacker may leverage any of the cross-site scripting issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials, phishing, as well as other attacks.

tags | exploit, arbitrary, php, vulnerability, xss
MD5 | 4b4dab0df321f565a9ff46178b0c3e27
FaceSentry Access Control System 6.4.8 Remote Root
Posted Jul 1, 2019
Authored by LiquidWorm | Site zeroscience.mk

FaceSentry Access Control System version 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script.

tags | exploit, arbitrary, shell, root, php
MD5 | dd18875e9898a4dc1ba25878fabbd4ac
FaceSentry Access Control System 6.4.8 Remote Command Injection
Posted Jul 1, 2019
Authored by LiquidWorm | Site zeroscience.mk

FaceSentry Access Control System version 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' and 'strInPort' parameters (POST) in pingTest and tcpPortTest PHP scripts.

tags | exploit, arbitrary, shell, root, php
MD5 | 199e4f309260b0968b822e4736a02fc7
SeedDMS out.GroupMgr.php Cross Site Scripting
Posted Jun 24, 2019
Authored by Nimit Jain

SeedDMS versions prior to 5.1.11 suffers from persistent cross site scripting vulnerability in out.GroupMgr.php.

tags | exploit, php, xss
advisories | CVE-2019-12801
MD5 | efab9c0a2c9907f8dd00137f56bab316
SeedDMS out.UsrMgr.php Cross Site Scripting
Posted Jun 24, 2019
Authored by Nimit Jain

SeedDMS versions prior to 5.1.11 suffers from persistent cross site scripting vulnerability in out.UsrMgr.php.

tags | exploit, php, xss
advisories | CVE-2019-12745
MD5 | c5f95efb508f1b497856340ab872055a
Debian Security Advisory 4468-1
Posted Jun 22, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4468-1 - A path traversal vulnerability due to an unsanitized POST parameter was discovered in php-horde-form, a package providing form rendering, validation, and other functionality for the Horde Application Framework. An attacker can take advantage of this flaw for remote code execution.

tags | advisory, remote, php, code execution
systems | linux, debian
advisories | CVE-2019-9858
MD5 | 8986d8b459935d9effe1ace9426849db
AROX School-ERP Pro Unauthenticated Remote Code Execution
Posted Jun 17, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits a command execution vulnerability in AROX School-ERP. "import_stud.php" and "upload_fille.php" do not have session control. Session start/check functions in Line 8,9,10 are disabled with slashes. Therefore an unauthenticated user can execute the command on the system.

tags | exploit, php
MD5 | 535708ae0f4586c8a0feda2390f4b619
WebLord WL-Nuke Coppermine For PHP-Nuke 1.3.1c SQL Injection
Posted Jun 13, 2019
Authored by KingSkrupellos

WebLord WL-Nuke Coppermine for PHP-Nuke version 1.3.1c suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 3f432015c33a468b733bff06ec61ce49
Ubuntu Security Notice USN-4009-2
Posted Jun 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4009-2 - USN-4009-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly decoding certain MIME headers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-11039, CVE-2019-11040
MD5 | ab60086f80ef9a8e14e53528324d4180
Ubuntu Security Notice USN-4009-1
Posted Jun 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4009-1 - It was discovered that PHP incorrectly handled certain exif tags in images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that PHP incorrectly decoding certain MIME headers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, php
systems | linux, ubuntu
advisories | CVE-2019-11036, CVE-2019-11039, CVE-2019-11040
MD5 | 638d5cd9888d64fae8449b7f0ed21c05
LibreNMS addhost Command Injection
Posted Jun 4, 2019
Authored by Shelby Pace, mhaskar | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the open source network management software known as LibreNMS. The community parameter used in a POST request to the addhost functionality is unsanitized. This parameter is later used as part of a shell command that gets passed to the popen function in capture.inc.php, which can result in execution of arbitrary code. This module requires authentication to LibreNMS first.

tags | exploit, arbitrary, shell, php
advisories | CVE-2018-20434
MD5 | 1e5777dda1da78cd1019c88880b3908d
Interspire Email Marketer 6.20 Remote Code Execution
Posted May 23, 2019
Authored by numan turle

Interspire Email Marketer version 6.20 suffers from a remote code execution vulnerability in surveys_submit.php.

tags | exploit, remote, php, code execution
advisories | CVE-2018-19550
MD5 | b195e66a0ac9e8901e18bb374e2f4d7a
Ubuntu Security Notice USN-3566-2
Posted May 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3566-2 - USN-3566-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or possibly cause a crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10712, CVE-2017-11362, CVE-2017-12933, CVE-2018-20783, CVE-2019-11036
MD5 | 58559ab5996b6d070244fb449b0aaed5
Page 1 of 194
Back12345Next

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    10 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close