Debian Linux Security Advisory 5661-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.
7c99b12b4316d40822aec03a738c08d2f71e83f8ccbfc93224b96903f3515868Debian Linux Security Advisory 5660-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.
0069a8ea5cc51d5ef3e22cd8bb63e827819ebc41dadb05af036e8a0cb29b90c5GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution.
87510b61a4bcdb0fdc6c31f4148617866220f4cd5cc391960946f28d1c611747Invision Community versions 4.7.16 and below suffer from a remote code execution vulnerability in toolbar.php.
79e57c6d95c397c23ce4c4203e72406e2900a93befed691fbc0ae540ed7a9cf4Invision Community versions 4.4.0 through 4.7.15 suffer from a remote SQL injection vulnerability in store.php.
f3e99d07ab1ab0d469a1a39ceb456ac6dc86fdcbd9071ad8690ce38ecca5a7ffDerbyNet version 9.0 suffers from a cross site scripting vulnerability in playlist.php.
33a3298bf5768c9f7a9fcd2deaa459729d65f2eb60c8601a0d2dd30561151395DerbyNet version 9.0 suffers from a cross site scripting vulnerability in racer-results.php.
e1f0ec83ec56b1d3ebff89be4223a47e4c6caea8be38185b375b827447078473DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo-thumbs.php.
e33a05805911bcd786fdff15a7d4ac31f136e43e12a0f9ec5b25c0db38d7fe3eDerbyNet version 9.0 suffers from a cross site scripting vulnerability in checkin.php.
8f9e6fd28f6cfe91749cb218425046ee910787a3a9fd05dafed94fca09da5a72DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo.php.
d7ac5458d2d0756d2d607450406a0027661faffb3740c59db51f83e2e7620fe8DerbyNet version 9.0 suffers from a cross site scripting vulnerability in render-document.php.
6ac6f7dc08e5aa36734a4a3929671a6b16c39f23cfa800f533b74b3aa6969051A remote code execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.
2d1220fa63bd54538247325712a8d4f836dcc60733d8cebe63cd721eb6755ba9Ubuntu Security Notice 6720-1 - Kentaro Kawane discovered that Cacti incorrectly handled user provided input sent through request parameters to the graph_view.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks.
72a1060cc659927cdff0d3fabd91138203688e06b807e728473d37ed3e99a9d3Online Hotel Booking in PHP version 1.0 suffers from a remote blind SQL injection vulnerability.
dba5f6da9bbb1db4830270fe91b72c0f36ec37923f4911d24100811a4c3c40dbLMS PHP version 1.0 suffers from a remote SQL injection vulnerability.
049c8de17cf497bf303930585481eadeb964f519906d25f2f09f96d1d4f41c47This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval() function usage within the theme. Successful exploitation allows for full control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.
5a32fb78bdb52593a7f339d7321ec50570d8dc8998da3f4da0c0eaf663f73ac5A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.
769d2d7e8f18e8bd0ce142472f159825e87239bfc4426229f241a00de99425a0Insurance Management System PHP and MySQL version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
57a616cd0cf4b87402d807007a9cc4baf3849c77c283470d324acd935adbc001Debian Linux Security Advisory 5642-1 - Three security issues were discovered in php-svg-lib, a PHP library to read, parse and export to PDF SVG files, which could result in denial of service, restriction bypass or the execution of arbitrary code.
5e13068f973fafd73dbd6db137d7088337677e0ff95c185b8076cc2a7f0f192fGibbon LMS version 26.0.00 suffers from a PHP deserialization vulnerability that allows for authenticated remote code execution.
59928ae4eff1731c08c74e479a51ac4208ffe4eba4d4ff9a8f5158374bc15227Debian Linux Security Advisory 5632-1 - It was discovered that composer, a dependency manager for the PHP language, processed files in the local working directory. This could lead to local privilege escalation or malicious code execution. Due to a technical issue this email was not sent on 2024-02-26 like it should have.
41b32f3945ea62d6717b9bcf3c2f3261d62077b5c247d91363fa5b2bd9022945MSMS-PHP version 1.0 suffers from a remote shell upload vulnerability.
06dd3743528c052502c13e65a54289e54ef53298ff6beb4c6ee8a4810bae36dfMSMS-PHP version 1.0 suffers from a remote SQL injection vulnerability.
07a4b17a4586262f742fb0c1fbec3bfb2ad51bbc7b9e70e96de453b70e201f61The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected.
8e2ee354af5fde39323dcb9b78bd8d0b892172400746b1b66015b3a87cbd8630Customer Support System version 1.0 suffers from a remote SQL injection vulnerability in /customer_support/ajax.php. Original discovery of SQL injection in this version is attributed to Ahmed Abbas in November of 2020.
718d48eb7ca237f5f3ee83bb6118e210de87e3b83055bc4ece1ed2ad4b88e9d9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed