exploit the possibilities
Showing 1 - 25 of 4,869 RSS Feed

PHP Files

YouPHPTube 7.7 SQL Injection
Posted Dec 4, 2019
Authored by EgiX | Site karmainsecurity.com

YouPHPTube versions 7.7 and below suffer from a remote SQL injection vulnerability in getChat.json.php.

tags | exploit, remote, php, sql injection
advisories | CVE-2019-18662
MD5 | bda45fa0236ae4d5e784d5a3ac75112a
WordPress Plainview Activity Monitor 20161228 Remote Command Execution
Posted Nov 29, 2019
Authored by Leo LE BOUTER | Site metasploit.com

WordPress Plainview Activity Monitor plugin is vulnerable to OS command injection which allows an attacker to remotely execute commands on the underlying system. Application passes unsafe user supplied data to ip parameter into activities_overview.php. Privileges are required in order to exploit this vulnerability. Vulnerable plugin version: 20161228 and possibly prior. Fixed plugin version: 20180826.

tags | exploit, php
advisories | CVE-2018-15877
MD5 | 8bacd47eae727e0caea978775817a289
Debian Security Advisory 4576-1
Posted Nov 26, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4576-1 - An out-of-bounds write vulnerability was discovered in php-imagick, a PHP extension to create and modify images using the ImageMagick API, which could result in denial of service, or potentially the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, php
systems | linux, debian
advisories | CVE-2019-11037
MD5 | 1c0c97a2183857fe2d941f5ce7401baf
Remote File Inclusion / Local File Inclusion Attack And Defense Techniques
Posted Nov 24, 2019
Authored by Ismail Tasdelen

Whitepaper called Remote File Inclusion / Local File Inclusion Attack and Defense Techniques. This paper focuses on PHP-based attacks.

tags | paper, remote, local, php, file inclusion
MD5 | 34f21e6ac1aa7a3653bb417dc20e8aaf
Debian Security Advisory 4573-1
Posted Nov 19, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4573-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization.

tags | advisory, php, vulnerability, code execution
systems | linux, debian
advisories | CVE-2019-18887, CVE-2019-18888, CVE-2019-18889
MD5 | acccbf4720ec0e008144ea8d17fd7c82
FusionPBX Operator Panel exec.php Command Execution
Posted Nov 14, 2019
Authored by Brendan Coles, Dustin Cobb | Site metasploit.com

This Metasploit module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The exec.php file within the Operator Panel permits users with operator_panel_view permissions, or administrator permissions, to execute arbitrary commands as the web server user by sending a system command to the FreeSWITCH event socket interface. This module has been tested successfully on FusionPBX version 4.4.1 on Ubuntu 19.04 (x64).

tags | exploit, web, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2019-11409
MD5 | 8371c066836fe4c5336f32a7b5aa18d5
FusionPBX Command exec.php Command Execution
Posted Nov 14, 2019
Authored by Brendan Coles | Site metasploit.com

This Metasploit module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with exec_view permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This module has been tested successfully on FusionPBX version 4.4.1 on Ubuntu 19.04 (x64).

tags | exploit, web, arbitrary, shell, php
systems | linux, ubuntu
MD5 | f85a37b65def4dd691f01bcc8dc57001
CMS Made Simple 2.2.8 Remote Code Execution
Posted Nov 13, 2019
Authored by Daniele Scanu | Site metasploit.com

An issue was discovered in CMS Made Simple version 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection. This Metasploit module has been successfully tested on CMS Made Simple versions 2.2.6, 2.2.7, 2.2.8, 2.2.9 and 2.2.9.1.

tags | exploit, php
advisories | CVE-2019-9055
MD5 | 3b3ade2ee27236b704dbdfaf2c3827c1
Linear eMerge E3 1.00-06 card_scan_decoder.php Command Injection
Posted Nov 12, 2019
Authored by LiquidWorm | Site applied-risk.com

Linear eMerge E3 versions 1.00-06 and below unauthenticated command injection remote root exploit that leverages card_scan_decoder.php.

tags | exploit, remote, root, php
advisories | CVE-2019-7256
MD5 | 44a9793e2a7284d735e5ee358d786e4b
Linear eMerge E3 1.00-06 card_scan.php Command Injection
Posted Nov 12, 2019
Authored by LiquidWorm | Site applied-risk.com

Linear eMerge E3 versions 1.00-06 and below unauthenticated command injection remote root exploit that leverages card_scan.php.

tags | exploit, remote, root, php
advisories | CVE-2019-7256
MD5 | 6bc7028052702f5b76c1733414371eb8
rConfig 3.9.2 Command Injection
Posted Nov 7, 2019
Authored by Brendan Coles, mhaskar | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in rConfig versions 3.9.2 and prior. The install directory is not automatically removed after installation, allowing unauthenticated users to execute arbitrary commands via the ajaxServerSettingsChk.php file as the web server user. This module has been tested successfully on rConfig version 3.9.2 on CentOS 7.7.1908 (x64).

tags | exploit, web, arbitrary, php
systems | linux, centos
advisories | CVE-2019-16662
MD5 | 5a8c7959c835ac3cbcc733bb6b9b60ac
Red Hat Security Advisory 2019-3736-01
Posted Nov 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3736-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue has been addressed.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2019-11043
MD5 | f7aae271bc0791293c1bdcb48d0c78fa
Red Hat Security Advisory 2019-3735-01
Posted Nov 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3735-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue has been addressed.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2019-11043
MD5 | 29b3ad7c82bcd6d2987d7e46cdcbccdd
Red Hat Security Advisory 2019-3724-01
Posted Nov 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3724-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue has been addressed.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2019-11043
MD5 | 04147c22152bf5396f6d6a2a49fad314
Red Hat Security Advisory 2019-3300-01
Posted Nov 1, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3300-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue was addressed.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2019-11043
MD5 | ea89ba3e13dae1bcf3172b6046169d59
Red Hat Security Advisory 2019-3299-01
Posted Nov 1, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3299-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and information leakage vulnerabilities.

tags | advisory, web, overflow, php, vulnerability
systems | linux, redhat
advisories | CVE-2016-10166, CVE-2018-20783, CVE-2019-11034, CVE-2019-11035, CVE-2019-11036, CVE-2019-11038, CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-11043, CVE-2019-6977, CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023, CVE-2019-9024, CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640
MD5 | 0b3a743000a8d1ce9382590da63feba1
Red Hat Security Advisory 2019-3286-01
Posted Nov 1, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3286-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue was addressed.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2019-11043
MD5 | a411df94a49b4d272eceff9bbc0ef65d
Red Hat Security Advisory 2019-3287-01
Posted Nov 1, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3287-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue was addressed.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2019-11043
MD5 | 6d6ec7c1a7537484209f9de4cb88fce8
Mr Blog PHP Cross Site Scripting / SQL Injection
Posted Nov 1, 2019
Authored by z3r0fy

Mr Blog PHP suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, xss, sql injection
MD5 | 63ea465f4b8e72760edc56f1ad01e690
Ubuntu Security Notice USN-4166-2
Posted Oct 29, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4166-2 - USN-4166-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2019-11043
MD5 | ef6238f8e5b72babf4cb9b04e3a3e34b
Ubuntu Security Notice USN-4166-1
Posted Oct 28, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4166-1 - It was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2019-11043
MD5 | 5cf1387d2922807d678f4fbcef9868b0
Gentoo Linux Security Advisory 201910-01
Posted Oct 28, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201910-1 - A vulnerability in PHP might allow an attacker to execute arbitrary code. Versions less than 7.1.33 are affected.

tags | advisory, arbitrary, php
systems | linux, gentoo
advisories | CVE-2019-11043
MD5 | 29a50835bcd6457081d0c952655829f6
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 Cross Site Scripting
Posted Oct 28, 2019
Authored by Cakes

waldronmatt FullCalendar-BS4-PHP-MySQL-JSON version 1.21 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | d7df4d782697a7e80efc7fa21b17f0b4
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 SQL Injection
Posted Oct 28, 2019
Authored by Cakes

waldronmatt FullCalendar-BS4-PHP-MySQL-JSON version 1.21 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 83962e607813e599acbec494542b97c0
PHP-FPM Remote Code Execution
Posted Oct 24, 2019
Authored by Emil Lerner, d90pwn

This is a newer method to exploit php-fpm to achieve remote code execution when certain nginx with php-fpm configurations exist.

tags | exploit, remote, php, code execution
advisories | CVE-2019-11043
MD5 | 4cbdb53c733266a5189ec2df70c12e1b
Page 1 of 195
Back12345Next

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    9 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close