what you don't know can hurt you
Showing 1 - 25 of 4,951 RSS Feed

PHP Files

Online Voting System Project In PHP Cross Site Scripting
Posted Dec 2, 2020
Authored by Sagar Banwa

Online Voting System Project in PHP suffers from a persistent cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | 89b15c6e9643f5e189ef4b32f2c59242
Red Hat Security Advisory 2020-5275-01
Posted Dec 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5275-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer over-read, buffer overflow, code execution, information leakage, null pointer, and out of bounds read vulnerabilities.

tags | advisory, web, overflow, php, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-11045, CVE-2019-11047, CVE-2019-11048, CVE-2019-11050, CVE-2019-19203, CVE-2019-19204, CVE-2019-19246, CVE-2020-7059, CVE-2020-7060, CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7065, CVE-2020-7066
MD5 | 15b6e660f7ec10e7b1caf283b0e647fa
Online Job Portal In PHP/PDO 1.0 SQL Injection
Posted Nov 30, 2020
Authored by Mohamed Elobeid

Online Job Portal in PHP/PDO version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | cb398e4945a60c2e520ea688340416bb
OpenMediaVault rpc.php Authenticated PHP Code Injection
Posted Nov 25, 2020
Authored by Anastasios Stasinopoulos | Site metasploit.com

This Metasploit module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "json_encode_safe()" is not used in config/databasebackend.inc. Successful exploitation grants attackers the ability to execute arbitrary commands on the underlying operating system as root.

tags | exploit, arbitrary, root, php
advisories | CVE-2020-26124
MD5 | 5db0392e6b4ca81a678c8e7564a34918
WordPress Simple File List Unauthenticated Remote Code Execution
Posted Nov 25, 2020
Authored by h00die, coiffeur | Site metasploit.com

This Metasploit module exploits WordPress Simple File List plugin versions prior to 4.2.3, which allows remote unauthenticated attackers to upload files within a controlled list of extensions. However, the rename function does not conform to the file extension restrictions, thus allowing arbitrary PHP code to be uploaded first as a png then renamed to php and executed.

tags | exploit, remote, arbitrary, php
MD5 | 53dc99d870452eb23bdf7882ccb0c3e3
Online Doctor Appointment Booking System PHP And MySQL 1.0 SQL Injection
Posted Nov 17, 2020
Authored by Ramil Mustafayev

Online Doctor Appointment Booking System PHP and MySQL version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 3e8e325ed4abf3f78a52effcfddad10f
HorizontCMS 1.0.0-beta Shell Upload
Posted Nov 13, 2020
Authored by Erik Wynter | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta in order to execute arbitrary commands. The module first attempts to authenticate to HorizontCMS. It then tries to upload a malicious PHP file via an HTTP POST request to /admin/file-manager/fileupload. The server will rename this file to a random string. The module will therefore attempt to change the filename back to the original name via an HTTP POST request to /admin/file-manager/rename. For the php target, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to /storage/file_name.

tags | exploit, web, arbitrary, php, file upload
advisories | CVE-2020-27387
MD5 | b1586e133ec28d35e83ec172e95fe1d0
WordPress File Manager 6.8 Remote Code Execution
Posted Nov 10, 2020
Authored by Imran E. Dawoodjee, Alex Souza | Site metasploit.com

The WordPress File Manager (wp-file-manager) plugin versions 6.0 through 6.8 allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory.

tags | exploit, remote, arbitrary, php
advisories | CVE-2020-25213
MD5 | 33be7d7b4c3915b9705e403be54c86a0
Nagios XI 5.7.3 Remote Command Injection
Posted Oct 28, 2020
Authored by Chris Lyne, Matthew Aberegg

Nagios XI version 5.7.3 mibs.php remote command injection exploit.

tags | exploit, remote, php
advisories | CVE-2020-5791
MD5 | 8e729d2d07e2d318addb68643737cde7
Ubuntu Security Notice USN-4583-2
Posted Oct 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4583-2 - USN-4583-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.10. It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. Various other issues were also addressed.

tags | advisory, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-7069, CVE-2020-7070
MD5 | 8943172472289400ae6eeaa13c5ed52b
Ubuntu Security Notice USN-4586-1
Posted Oct 21, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4586-1 - It was discovered that PHP ImageMagick extension didn't check the address used by an array. An attacker could use this issue to cause PHP ImageMagick to crash, resulting in a denial of service.

tags | advisory, denial of service, php
systems | linux, ubuntu
advisories | CVE-2019-11037
MD5 | f6fae5027be9e5b089b950f64fd8d5ab
Visitor Management System In PHP 1.0 SQL Injection
Posted Oct 20, 2020
Authored by Rahul Ramkumar

Visitor Management System in PHP version 1.0 suffers from an authenticated remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
advisories | CVE-2020-25760
MD5 | 8033f7aca5a8c9fe62862c58e36e983e
ReQuest Serious Play F3 Media Server 7.0.3 Unauthenticated Remote Code Execution
Posted Oct 19, 2020
Authored by LiquidWorm | Site zeroscience.mk

ReQuest Serious Play F3 Media Server version 7.0.3 suffers from an unauthenticated remote code execution vulnerability. Abusing the hidden ReQuest Internal Utilities page (/tools) from the services provided, an attacker can exploit the Quick File Uploader (/tools/upload.html) page and upload PHP executable files that results in remote code execution as the web server user.

tags | exploit, remote, web, php, code execution, file upload
MD5 | 27df19dca8c37dc3db671041baa681bf
Ubuntu Security Notice USN-4583-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4583-1 - It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain HTTP cookies. An attacker could possibly use this issue to forge cookie which is supposed to be secure. Various other issues were also addressed.

tags | advisory, web, php
systems | linux, ubuntu
advisories | CVE-2020-7069, CVE-2020-7070
MD5 | 12cf9b32480b82e7ad683d2a4b2e6274
Typesetter CMS 5.1 Remote Code Execution
Posted Oct 7, 2020
Authored by Rodolfo Tavares | Site tempest.com.br

Typesetter version 5.1 is vulnerable to code execution via /index.php/Admin/Uploaded. An attacker can exploit this by uploading a zip that contains a malicious php file inside. After extracting the zip file containing the malicious php file, it is possible to execute commands on the target operation system.

tags | advisory, php, code execution
advisories | CVE-2020-25790
MD5 | 5524c94291b9260c89573ff9a567213e
SpamTitan 7.07 Remote Code Execution
Posted Oct 5, 2020
Authored by Felipe Molina

SpamTitan version 7.07 suffers from an unauthenticated remote code execution vulnerability in snmp-x.php.

tags | exploit, remote, php, code execution
advisories | CVE-2020-11698
MD5 | a3dbab90c996c6fb7053300bdca18311
SpinetiX Fusion Digital Signage 3.4.8 Path Traversal
Posted Oct 1, 2020
Authored by LiquidWorm | Site zeroscience.mk

SpinetiX Fusion Digital Signage version 3.4.8 suffers from an authenticated path traversal vulnerability. Input passed via several parameters in index.php script is not properly verified before being used to create and delete files. This can be exploited to write backup files to an arbitrary location and/or delete arbitrary files via traversal attacks.

tags | exploit, arbitrary, php
MD5 | 7f728d906bc879ebc132cb19c060a6c2
MaraCMS 7.5 Remote Code Execution
Posted Sep 28, 2020
Authored by Erik Wynter, Michele Cisternino | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in MaraCMS versions 7.5 and below in order to execute arbitrary commands. The module first attempts to authenticate to MaraCMS. It then tries to upload a malicious PHP file to the web root via an HTTP POST request to codebase/handler.php. If the php target is selected, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to this file. For the linux and windows targets, the module uploads a simple PHP web shell. Subsequently, it leverages the CmdStager mixin to deliver the final payload via a series of HTTP GET requests to the PHP web shell. Valid credentials for a MaraCMS admin or manager account are required. This module has been successfully tested against MaraCMS 7.5 running on Windows Server 2012 (XAMPP server).

tags | exploit, web, arbitrary, shell, root, php, file upload
systems | linux, windows
advisories | CVE-2020-25042
MD5 | f3fcdcf0924156e882b29740d16480f8
Visitor Management System In PHP 1.0 Cross Site Scripting
Posted Sep 22, 2020
Authored by Rahul Ramkumar

Visitor Management System in PHP version 1.0 suffers from an unauthenticated persistent cross site scripting vulnerability.

tags | exploit, php, xss
advisories | CVE-2020-25761
MD5 | d64c37a536ecac0b5d3e1dac3dbcaa45
Visitor Management System In PHP 1.0 SQL Injection
Posted Sep 22, 2020
Authored by Rahul Ramkumar

Visitor Management System in PHP version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
advisories | CVE-2020-25760
MD5 | eb513471e0235ff5f467e06b619ab1d2
B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code Execution
Posted Sep 21, 2020
Authored by LiquidWorm | Site zeroscience.mk

B-swiss 3 Digital Signage System version 3.6.5 suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused due to the improper verification of uploaded files in index.php script thru the rec_poza POST parameter. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in the /usr/users directory. Due to an undocumented and hidden maintenance account admin_m which has the highest privileges in the application, an attacker can use these hard-coded credentials to authenticate and use the vulnerable image upload functionality to execute code on the server.

tags | exploit, arbitrary, php, code execution
MD5 | b8122e7dc5d8a3a0549b1366c4226983
Mida Solutions eFramework ajaxreq.php Command Injection
Posted Sep 16, 2020
Authored by Brendan Coles, elbae | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apache user to execute any command as root without providing a password, resulting in privileged command execution as root. This module has been successfully tested on Mida Solutions eFramework-C7-2.9.0 virtual appliance.

tags | exploit, arbitrary, root, php
advisories | CVE-2020-15920
MD5 | 1b7215ff6d3355202c2e796fb94a2cac
Gentoo Linux Security Advisory 202009-10
Posted Sep 14, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202009-10 - A vulnerabilities in PHP could lead to a Denial of Service condition. Versions less than 7.2.33:7.2 are affected.

tags | advisory, denial of service, php, vulnerability
systems | linux, gentoo
advisories | CVE-2020-7068
MD5 | d02ea2e4e445ae9dc9a0319b525b6459
Red Hat Security Advisory 2020-3662-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3662-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer over-read, buffer overflow, code execution, information leakage, integer overflow, null pointer, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, web, overflow, php, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-11045, CVE-2019-11047, CVE-2019-11048, CVE-2019-11050, CVE-2019-13224, CVE-2019-13225, CVE-2019-16163, CVE-2019-19203, CVE-2019-19204, CVE-2019-19246, CVE-2019-20454, CVE-2020-7059, CVE-2020-7060, CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7065, CVE-2020-7066
MD5 | 1e12fa29983b7f83af758496e3d90857
D-Link Central WiFi Manager CWM(100) Remote Code Execution
Posted Aug 18, 2020
Authored by M3 at ZionLab, Redouane Niboucha | Site metasploit.com

This Metasploit module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM(100) versions below v1.03R0100_BETA6. The vulnerability exists in the username cookie, which is passed to eval() without being sanitized. Dangerous functions are not disabled by default, which makes it possible to get code execution on the target.

tags | exploit, php, code execution
advisories | CVE-2019-13372
MD5 | ad4f9d0e1e861c8a9f9b8b0544120a4c
Page 1 of 199
Back12345Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    33 Files
  • 3
    Dec 3rd
    16 Files
  • 4
    Dec 4th
    22 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close