Exploit the possiblities
Showing 1 - 25 of 4,663 RSS Feed

PHP Files

Social Oauth Login PHP SQL Injection
Posted Feb 14, 2018
Authored by Borna Nematzadeh

Social Oauth Login PHP suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
MD5 | 50c6d42d491cdd52647e23330f7ba0bf
Ubuntu Security Notice USN-3566-1
Posted Feb 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3566-1 - It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php, xss
systems | linux, ubuntu
advisories | CVE-2017-12933, CVE-2017-16642, CVE-2018-5712
MD5 | 0b5c9a022daec85647b0067cd2617764
PHP Scripts Mall Doctor Search Script 1.0.2 Cross Site Scripting
Posted Feb 7, 2018
Authored by Prasenjit Kanti Paul

PHP Scripts Mall Doctor Search Script version 1.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
advisories | CVE-2018-6655
MD5 | be08ecb0a94b7c67c36583ccda5fc834
WordPress Core Denial Of Service
Posted Feb 6, 2018
Authored by Ali Razmjoo

WordPress load-scripts.php denial of service exploit.

tags | exploit, denial of service, php
advisories | CVE-2018-6389
MD5 | c5199aa5847b27d9f9ce21b843ab9fee
WordPress Core load-scripts.php Denial Of Service
Posted Feb 5, 2018
Authored by Barak Tawily

WordPress Core suffers from a load-scripts.php denial of service vulnerability.

tags | exploit, denial of service, php
advisories | CVE-2018-6389
MD5 | 7fb9f333287d6bceb67916a30184fc61
Slackware Security Advisory - php Updates
Posted Feb 4, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2018-5711, CVE-2018-5712
MD5 | f1eeaefa5650451e1a2567427e5c6303
Event Manager PHP Script 1.0 SQL Injection
Posted Feb 3, 2018
Authored by Ihsan Sencan

Event Manager PHP Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
advisories | CVE-2018-6576
MD5 | bc5abfcc22424338eaa96b3208042ce0
WordPress Splashing Images 2.1 Cross Site Scripting / PHP Object Injection
Posted Jan 26, 2018
Authored by Nicolas Buzy-Debat

WordPress Splashing Images plugin version 2.1 suffers from PHP object injection and cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
advisories | CVE-2018-6194, CVE-2018-6195
MD5 | 2074b9733bf382d13829e0d172ba5646
Kaltura Remote PHP Code Execution
Posted Jan 24, 2018
Authored by Robin Verton, Mehmet Ince | Site metasploit.com

This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hard-coded cookie secret which allows to sign arbitrary cookie data. After passing this signature check, the base64- decoded data is passed to PHPs unserialize() function which allows for code execution. The constructed object is again based on the SektionEins Zend code execution POP chain PoC. Kaltura versions prior to 13.1.0 are affected by this issue. A valid entry_id (which is required for this exploit) can be obtained from any media resource published on the kaltura installation. This Metasploit module was tested against Kaltura 13.1.0-2 installed on Ubuntu 14.04.

tags | exploit, web, arbitrary, php, code execution
systems | linux, ubuntu
advisories | CVE-2017-14143
MD5 | 378cc7a64ba0d3b9625bf7d0daeb9bd6
CMS Made Simple 2.2.5 moduleinterface.php m1_errors Cross Site Scripting
Posted Jan 24, 2018
Authored by Kyaw Min Thein

CMS Made Simple version 2.2.5 suffers from a reflective cross site scripting vulnerability in /admin/moduleinterface.php.

tags | advisory, php, xss
advisories | CVE-2018-5965
MD5 | d2044b874e380c62d644f523c1cd981f
CMS Made Simple 2.2.5 moduleinterface.php title Cross Site Scripting
Posted Jan 24, 2018
Authored by Kyaw Min Thein

CMS Made Simple version 2.2.5 suffers from a reflective cross site scripting vulnerability in /admin/moduleinterface.php.

tags | advisory, php, xss
advisories | CVE-2018-5964
MD5 | 2d3ebcdbc68d9092e39263cfe7528fbb
Debian Security Advisory 4094-1
Posted Jan 24, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4094-1 - It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty.

tags | advisory, arbitrary, php, code execution
systems | linux, debian
advisories | CVE-2017-1000480
MD5 | dfcee3b5f519bf8bee3c485dbbc05993
LiveZilla 7.0.6.0 Cross Site Scripting
Posted Jan 16, 2018
Authored by Tim Kretschmann

LiveZilla version 7.0.6.0 suffers from a cross site scripting vulnerability in knowledgebase.php.

tags | exploit, php, xss
advisories | CVE-2017-15869
MD5 | 269d0247d9cc0df479adf64266b91d9c
pfSense 2.1.3 status_rrd_graph_img.php Command Injection
Posted Jan 15, 2018
Authored by absolomb

pfSense versions 2.1.3 and below suffer from a status_rrd_graph_img.php command injection vulnerability.

tags | exploit, php
advisories | CVE-2014-4688
MD5 | 0119ea7e4ed56c2dfa60e99cdbfcc55b
Samsung SRN-1670D Web Viewer 1.0.0.193 Arbitrary File Read / Upload
Posted Jan 11, 2018
Authored by Omar Mezrag, Algeria, Realistic Security | Site metasploit.com

This Metasploit module exploits an unrestricted file upload vulnerability in Web Viewer 1.0.0.193 on Samsung SRN-1670D devices. The network_ssl_upload.php file allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing local file read vulnerability referenced by CVE-2015-8279, which allows remote attackers to read the web interface credentials by sending a request to: cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.

tags | exploit, remote, web, arbitrary, local, root, php, file upload
advisories | CVE-2015-8279, CVE-2017-16524
MD5 | a040c104d632cd4ba7549225102c8f38
Debian Security Advisory 4080-1
Posted Jan 10, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4080-1 - Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.

tags | advisory, php, vulnerability
systems | linux, debian
advisories | CVE-2017-11144, CVE-2017-11145, CVE-2017-11628, CVE-2017-12932, CVE-2017-12933, CVE-2017-12934, CVE-2017-16642
MD5 | 7a923ed447a8c3d28e10e24fe62a1992
Debian Security Advisory 4081-1
Posted Jan 10, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4081-1 - Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.

tags | advisory, php, vulnerability
systems | linux, debian
advisories | CVE-2017-11142, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11628, CVE-2017-12933, CVE-2017-16642
MD5 | fdb7bf3837629f4a8ca9b2cef7a169ad
VideoDuo 3.1 Cross Site Scripting
Posted Jan 6, 2018
Authored by ShanoWeb

VideoDuo Video Search Engine PHP script version 3.1 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | e2d8339c00f2cea48ab6ead24eb86774
User Login And Management PHP Script 1.0 Cross Site Scripting
Posted Jan 6, 2018
Authored by ShanoWeb

User Login and Management PHP script version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | 9f3805e263066c1dcd3932c12974fdae
b2evolution CMS 6.8.10 PHP Code Execution
Posted Jan 3, 2018
Authored by Anti Rais

b2evolution CMS versions 6.6.0 through 6.8.10 suffer from a php code execution vulnerability.

tags | exploit, php, code execution
advisories | CVE-2017-1000423
MD5 | 2ca4c469ed9373d047c433e8983b7855
PHP Melody 2.7.1 SQL Injection
Posted Dec 31, 2017
Authored by Ahmad Mahfouz

PHP Melody version 2.7.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 7397857681410133de87923b564c1da0
Chatting System PHP Ajax MySQL JavaScript 1.0 Shell Upload
Posted Dec 31, 2017
Authored by ShanoWeb

Chatting System PHP Ajax MySQL JavaScript version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, php, javascript
MD5 | 6965ee7b894ef707384f83dda4e6dd4a
Chatting System PHP Ajax MySQL JavaScript 1.0 Cross Site Scripting
Posted Dec 31, 2017
Authored by ShanoWeb

Chatting System PHP Ajax MySQL JavaScript version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, javascript, xss
MD5 | 8080ac0081699a839acf51f994db6389
pfSense 2.1.3-RELEASE (amd64) Remote Command Execution
Posted Dec 28, 2017
Authored by wetw0rk, Jared Stephens | Site metasploit.com

pfSense, a free BSD based open source firewall distribution, versions 2.2.6 and below contain a remote command execution vulnerability post authentication in the _rrd_graph_img.php page. The vulnerability occurs via the graph GET parameter. A non-administrative authenticated attacker can inject arbitrary operating system commands and execute them as the root user. Verified against 2.1.3.

tags | exploit, remote, arbitrary, root, php
systems | bsd
MD5 | 9e31715f8e4cf15c616cd81794fa4e26
GoodTravel Travel And Locations 1.0 Cross Site Scripting
Posted Dec 28, 2017
Authored by ShanoWeb

GoodTravel Travel and Locations PHP script and mobile application version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | c2a461b1002f9b29d0789f75b5b9c583
Page 1 of 187
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close