seeing is believing
Showing 1 - 25 of 4,608 RSS Feed

PHP Files

FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) Remote Root
Posted Sep 25, 2017
Authored by LiquidWorm | Site zeroscience.mk

FLIR Camera PT-Series suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerability exist due to several POST parameters in controllerFlirSystem.php script when calling the execFlirSystem() function not being sanitized when using the shell_exec() PHP function while updating the network settings on the affected device. This allows the attacker to execute arbitrary system commands as the root user and bypass access controls in place.

tags | exploit, remote, arbitrary, root, php, vulnerability
MD5 | 5ddf109d3a422df75105565034f680b0
Gentoo Linux Security Advisory 201709-21
Posted Sep 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-21 - Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary code. Versions less than 5.6.31:5.6 are affected.

tags | advisory, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2017-11362, CVE-2017-11628, CVE-2017-12932
MD5 | e37ef91858dce51d5410cc67c898748f
PHP Auction Ecommerce Script 1.6 SQL Injection
Posted Sep 22, 2017
Authored by 8bitsec

PHP Auction Ecommerce Script version 1.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 1bbb761c85a0eeb2c41619563fcc7584
Carlo Gavazzi Powersoft 2.1.1.1 Directory Traversal
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in Carlo Gavazzi Powersoft versions 2.1.1.1 and below. The vulnerability is triggered when sending a specially crafted GET request to the server. The location parameter of the GET request is not sanitized and the sendCommand.php script will automatically pull down any file requested

tags | exploit, php, file inclusion
MD5 | 7ead626f719b2712cc6f6e65a79e2c9f
PHP Dashboards NEW 4.4 SQL Injection
Posted Sep 12, 2017
Authored by Ihsan Sencan

PHP Dashboards NEW version 4.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | db1a533b5870ca5c881efd5b9d56039e
PHP Dashboards NEW 4.4 Arbitrary File Read
Posted Sep 12, 2017
Authored by Ihsan Sencan

PHP Dashboards NEW version 4.4 suffers from an arbitrary file read vulnerability.

tags | exploit, arbitrary, php
MD5 | 62b7d50497d65bc8022a41ef2f61bdac
jRank Topsites 1.0 Cross Site Request Forgery / Code Injection
Posted Sep 9, 2017
Authored by Ihsan Sencan

jRank Topsites version 1.0 suffers from a cross site request forgery vulnerability that allows for PHP code injection vulnerability.

tags | exploit, php, csrf
MD5 | f9c9dacf3c805760fedafa777dff54be
Advertiz PHP Script 0.2 Cross Site Request Forgery
Posted Sep 7, 2017
Authored by Ihsan Sencan

Advertiz PHP Script version 0.2 suffers from a cross site request forgery vulnerability.

tags | exploit, php, csrf
MD5 | fd1b21d9f8c84d00c07247ec58d57074
HP Security Bulletin HPESBHF03770 1
Posted Aug 28, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03770 1 - A potential security vulnerability has been identified in Comware 7 MSR Routers using PHP, Go, Apache Http Server, and Tomcat. The vulnerability known as "httpoxy" could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, web, arbitrary, php
advisories | CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388
MD5 | e89a7ac16ee1b5fb1e53d79ab6e79b09
IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution
Posted Aug 22, 2017
Authored by securiteam | Site metasploit.com

This Metasploit module exploits an unauthenticated remote PHP code execution vulnerability in IBM OpenAdmin Tool included with IBM Informix versions 11.5, 11.7, and 12.1. The 'welcomeServer' SOAP service does not properly validate user input in the 'new_home_page' parameter of the 'saveHomePage' method allowing arbitrary PHP code to be written to the config.php file. The config.php file is executed in most pages within the application, and accessible directly via the web root, resulting in code execution. This Metasploit module has been tested successfully on IBM OpenAdmin Tool 3.14 on Informix 12.10 Developer Edition (SUSE Linux 11) virtual appliance.

tags | exploit, remote, web, arbitrary, root, php, code execution
systems | linux, suse
advisories | CVE-2017-1092
MD5 | b78839adcfa2b9b750dba9d03fc684b8
PHP Coupon Script 6.0 SQL Injection
Posted Aug 21, 2017
Authored by Ihsan Sencan

PHP Coupon Script version 6.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 4d5d302c3fc2243a45c1479db0daa87e
PHP-Lance 1.52 SQL Injection
Posted Aug 21, 2017
Authored by Ihsan Sencan

PHP-Lance version 1.52 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | e8d2d0097ba26f9be292396680c25676
PHP Jokesite 2.0 SQL Injection
Posted Aug 21, 2017
Authored by Ihsan Sencan

PHP Jokesite version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 74908aabc66977a18175cabb83584b15
PHP Scripts Theater Management Script 3.1.5 SQL Injection
Posted Aug 19, 2017
Authored by AnGrY BoY

PHP Scripts Theater Management Script version 3.1.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 0edd3fed74a5ea3eac00393ea22745fa
Ubuntu Security Notice USN-3389-1
Posted Aug 14, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3389-1 - A vulnerability was discovered in GD Graphics Library , as used in PHP before that does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read A bytes from the top of the stack.

tags | advisory, php
systems | linux, ubuntu
MD5 | a18b834386443bb94f1292269976dec0
Ubuntu Security Notice USN-3389-2
Posted Aug 14, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3389-2 - USN-3389-1 fixed a vulnerability in GD Graphics Library. This update provides the corresponding update for Ubuntu 12.04 ESM. A vulnerability was discovered in GD Graphics Library , as used in PHP that does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to A read bytes from the top of the stack. Various other issues were also addressed.

tags | advisory, php
systems | linux, ubuntu
MD5 | 9723c2c8c1e56692e9c61e6c12d17618
Ubuntu Security Notice USN-3382-1
Posted Aug 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3382-1 - It was discovered that the PHP opcache created keys for files it cached based on their filepath. A local attacker could possibly use this issue in a shared hosting environment to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS. It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, local, php
systems | linux, ubuntu
advisories | CVE-2015-8994, CVE-2016-10397, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11147, CVE-2017-11362, CVE-2017-11628, CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229
MD5 | 984ca408a3f1b29c60c732d8e6ab82d4
Joomla PHP-Bridge 1.2.3 SQL Injection
Posted Aug 3, 2017
Authored by Ihsan Sencan

Joomla PHP-Bridge component version 1.2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | e758c0825c15612d960b25a95f55f5f7
Schneider Electric Pelco Sarix/Spectra Cameras Root Remote Code Execution
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Pelco IP cameras suffer from a code execution vulnerability. The affected cameras suffer from authenticated remote code execution vulnerability. The POST parameter 'enable_leds' located in the update() function called via the GeneralSetupController.php script is not properly sanitised before being used in writeLedConfig() function to enable led state to on or off. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges using a specially crafted request and escape sequence to system shell.

tags | exploit, remote, arbitrary, shell, root, php, code execution
MD5 | f60def224c0da5db858f33bf6eef0e47
Slackware Security Advisory - php Updates
Posted Jul 8, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229
MD5 | b0ea49baf368fafefa60aaacd3034567
Xavier 2.4 SQL Injection
Posted Jun 7, 2017
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Xavier PHP Login Script and User Management Admin Panel version 2.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 1da452202b8527a25808c6c827c89575
IBM Informix Dynamic Server DLL Injection / Code Execution
Posted May 31, 2017
Site securiteam.com

IBM Informix Dynamic Server suffers from dll injection, PHP code injection, and heap buffer overflow vulnerabilities.

tags | exploit, overflow, php, vulnerability
advisories | CVE-2016-2183, CVE-2017-1092
MD5 | acf1047cf6ec465e6ff49df652940fd6
MediaWiki SyntaxHighlight Extension Option Injection
Posted May 20, 2017
Authored by Yorick Koster | Site metasploit.com

This Metasploit module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create and execute a PHP file in the document root. The USERNAME and PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki installation with SyntaxHighlight version 2.0 installed and enabled. This extension ships with the AIO package of MediaWiki version 1.27.x and 1.28.x. A fix for this issue is included in MediaWiki version 1.28.2 and version 1.27.3.

tags | exploit, root, php
advisories | CVE-2017-0372
MD5 | 1b15a640f92c98f62fa52a0340553730
Google API PHP Client 2.1.3 Cross Site Scripting
Posted May 12, 2017
Authored by Leon Juranic, DefenseCode

google-api-php-client versions 2.1.3 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
MD5 | 01570bb024997801f85e3290dadda5ef
BanManager WebUI 1.5.8 Code Injection / Cross Site Scripting
Posted May 11, 2017
Authored by HaHwul

BanManager WebUI version 1.5.8 suffers from PHP code injection and cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
MD5 | 9be975678becc6c229ea7ef576b4a2ff
Page 1 of 185
Back12345Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    18 Files
  • 23
    Sep 23rd
    2 Files
  • 24
    Sep 24th
    2 Files
  • 25
    Sep 25th
    19 Files
  • 26
    Sep 26th
    12 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close