Pelco IP cameras suffer from a code execution vulnerability. The affected cameras suffer from authenticated remote code execution vulnerability. The POST parameter 'enable_leds' located in the update() function called via the GeneralSetupController.php script is not properly sanitised before being used in writeLedConfig() function to enable led state to on or off. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges using a specially crafted request and escape sequence to system shell.
f60def224c0da5db858f33bf6eef0e47Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
b0ea49baf368fafefa60aaacd3034567Xavier PHP Login Script and User Management Admin Panel version 2.4 suffers from a remote SQL injection vulnerability.
1da452202b8527a25808c6c827c89575IBM Informix Dynamic Server suffers from dll injection, PHP code injection, and heap buffer overflow vulnerabilities.
acf1047cf6ec465e6ff49df652940fd6This Metasploit module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create and execute a PHP file in the document root. The USERNAME and PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki installation with SyntaxHighlight version 2.0 installed and enabled. This extension ships with the AIO package of MediaWiki version 1.27.x and 1.28.x. A fix for this issue is included in MediaWiki version 1.28.2 and version 1.27.3.
1b15a640f92c98f62fa52a0340553730google-api-php-client versions 2.1.3 and below suffer from multiple cross site scripting vulnerabilities.
01570bb024997801f85e3290dadda5efBanManager WebUI version 1.5.8 suffers from PHP code injection and cross site scripting vulnerabilities.
9be975678becc6c229ea7ef576b4a2ffThis Metasploit module exploits the sql injection and command injection vulnerability of CryptoLog. An un-authenticated user can execute a terminal command under the context of the web user. login.php endpoint is responsible for login process. One of the user supplied parameter is used by the application without input validation and parameter binding. Which cause a sql injection vulnerability. Successfully exploitation of this vulnerability gives us the valid session. logshares_ajax.php endpoint is responsible for executing an operation system command. It's not possible to access this endpoint without having a valid session. One user parameter is used by the application while executing operating system command which cause a command injection issue. Combining these vulnerabilities gives us opportunity execute operation system command under the context of the web user.
def1cf31ae496fb40d65c478545ef605A vulnerability was found in the SyntaxHighlight MediaWiki extension. Using this vulnerability it is possible for an anonymous attacker to pass arbitrary options to the Pygments library. By specifying specially crafted options, it is possible for an attacker to trigger a (stored) cross site scripting condition. In addition, it allows the creating of arbitrary files containing user-controllable data. Depending on the server configuration, this can be used by an anonymous attacker to execute arbitrary PHP code. This issue was tested on SyntaxHighlight version 2.0 as bundled with MediaWiki version 1.28.0.
c2f465d0fafdbcf4b9a63fb413f084f5PHP version 7.1.2 suffers from an incorrect behavior with fsockopen.
13ada8d30286301511583f7ca95b33ceDzSoft PHP Editor version 4.2.7 suffers from a file enumeration vulnerability.
01da8ee53f1911e1330446599d359f0cPHP Real Estate Property Script suffers from a remote SQL injection vulnerability.
3d67dc50b3ad8d1fba3124ac069f34f6PHP Forum Script version 3.0 suffers from a remote SQL injection vulnerability.
450718e194d8388aaf31ee678c02e00bPHP Entrepreneur script version 1.2 suffers from a remote SQL injection vulnerability.
ddfe2ee84fd9b4ef6582fae4efe60afcPHP Classifieds Rental script version 3.6.0 suffers from a remote SQL injection vulnerability.
9e1b2fe38a8d425c65134a8294faf863PHP B2B script version 3.05 suffers from a remote SQL injection vulnerability.
36f13af55aaae34f0c1d086605c3f71dSimple PHP proof of concept exploit that demonstrates username enumeration in WordPress versions prior to 4.7.1.
c466685d3f06c12ee2ebd82a5c061d89WordPress Simple Ads Manager plugin version 2.9.8.125 suffers from a PHP object injection vulnerability.
d7391c18f04b169df0122e11b1c3dec8buntu Security Notice 3211-2 - USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15 upstream release. PHP 7.0.15 introduced a regression when using MySQL with large blobs. This update fixes the problem with a backported fix. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
7ce6a856c68f82a64ec200d01585c249PHP Classified OLX Clone Script suffers from a remote SQL injection vulnerability.
de1bc4720fc1717b7fa1f9ac7f669194WordPress Analytics Stats Counter Statistics plugin version 1.2.2.5 suffers from a PHP object injection vulnerability.
91725ba3f4733fa4edc420ef97e32a71This Metasploit module exploits object injection, authentication bypass and ip spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing authentication bypass issue on gauge.php lead adversaries to exploit object injection vulnerability which leads to SQL injection attack that leaks an administrator session token. Attackers can create a rogue action and policy that enables to execute operating system commands by using captured session token. As a final step, SSH login attempt with a invalid credentials can trigger a created rogue policy which triggers an action that executes operating system command with root user privileges. This Metasploit module was tested against following product and versions: AlienVault USM 5.3.0, 5.2.5, 5.0.0, 4.15.11, 4.5.0 AlienVault OSSIM 5.0.0, 4.6.1
c403c0d00272c2fb94d0906435878b17The EasyCom AS400 (iBMI) PHP API suffers from a buffer overflow vulnerability.
8bac9a148fdc87f189881b33bba0ac27Ubuntu Security Notice 3211-1 - It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
2bee79edbf2c54e0838901347551e7bfGentoo Linux Security Advisory 201702-29 - Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution or cause a Denial of Service condition. Versions less than 5.6.30 are affected.
285dea360f0016eb3a446ad5ace4117c
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed