Exploit the possiblities
Showing 1 - 25 of 4,651 RSS Feed

PHP Files

LiveZilla 7.0.6.0 Cross Site Scripting
Posted Jan 16, 2018
Authored by Tim Kretschmann

LiveZilla version 7.0.6.0 suffers from a cross site scripting vulnerability in knowledgebase.php.

tags | exploit, php, xss
advisories | CVE-2017-15869
MD5 | 269d0247d9cc0df479adf64266b91d9c
pfSense 2.1.3 status_rrd_graph_img.php Command Injection
Posted Jan 15, 2018
Authored by absolomb

pfSense versions 2.1.3 and below suffer from a status_rrd_graph_img.php command injection vulnerability.

tags | exploit, php
advisories | CVE-2014-4688
MD5 | 0119ea7e4ed56c2dfa60e99cdbfcc55b
Samsung SRN-1670D Web Viewer 1.0.0.193 Arbitrary File Read / Upload
Posted Jan 11, 2018
Authored by Omar Mezrag, Algeria, Realistic Security | Site metasploit.com

This Metasploit module exploits an unrestricted file upload vulnerability in Web Viewer 1.0.0.193 on Samsung SRN-1670D devices. The network_ssl_upload.php file allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing local file read vulnerability referenced by CVE-2015-8279, which allows remote attackers to read the web interface credentials by sending a request to: cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.

tags | exploit, remote, web, arbitrary, local, root, php, file upload
advisories | CVE-2015-8279, CVE-2017-16524
MD5 | a040c104d632cd4ba7549225102c8f38
Debian Security Advisory 4080-1
Posted Jan 10, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4080-1 - Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.

tags | advisory, php, vulnerability
systems | linux, debian
advisories | CVE-2017-11144, CVE-2017-11145, CVE-2017-11628, CVE-2017-12932, CVE-2017-12933, CVE-2017-12934, CVE-2017-16642
MD5 | 7a923ed447a8c3d28e10e24fe62a1992
Debian Security Advisory 4081-1
Posted Jan 10, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4081-1 - Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.

tags | advisory, php, vulnerability
systems | linux, debian
advisories | CVE-2017-11142, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11628, CVE-2017-12933, CVE-2017-16642
MD5 | fdb7bf3837629f4a8ca9b2cef7a169ad
VideoDuo 3.1 Cross Site Scripting
Posted Jan 6, 2018
Authored by ShanoWeb

VideoDuo Video Search Engine PHP script version 3.1 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | e2d8339c00f2cea48ab6ead24eb86774
User Login And Management PHP Script 1.0 Cross Site Scripting
Posted Jan 6, 2018
Authored by ShanoWeb

User Login and Management PHP script version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | 9f3805e263066c1dcd3932c12974fdae
b2evolution CMS 6.8.10 PHP Code Execution
Posted Jan 3, 2018
Authored by Anti Rais

b2evolution CMS versions 6.6.0 through 6.8.10 suffer from a php code execution vulnerability.

tags | exploit, php, code execution
advisories | CVE-2017-1000423
MD5 | 2ca4c469ed9373d047c433e8983b7855
PHP Melody 2.7.1 SQL Injection
Posted Dec 31, 2017
Authored by Ahmad Mahfouz

PHP Melody version 2.7.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 7397857681410133de87923b564c1da0
Chatting System PHP Ajax MySQL JavaScript 1.0 Shell Upload
Posted Dec 31, 2017
Authored by ShanoWeb

Chatting System PHP Ajax MySQL JavaScript version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, php, javascript
MD5 | 6965ee7b894ef707384f83dda4e6dd4a
Chatting System PHP Ajax MySQL JavaScript 1.0 Cross Site Scripting
Posted Dec 31, 2017
Authored by ShanoWeb

Chatting System PHP Ajax MySQL JavaScript version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, javascript, xss
MD5 | 8080ac0081699a839acf51f994db6389
pfSense 2.1.3-RELEASE (amd64) Remote Command Execution
Posted Dec 28, 2017
Authored by wetw0rk, Jared Stephens | Site metasploit.com

pfSense, a free BSD based open source firewall distribution, versions 2.2.6 and below contain a remote command execution vulnerability post authentication in the _rrd_graph_img.php page. The vulnerability occurs via the graph GET parameter. A non-administrative authenticated attacker can inject arbitrary operating system commands and execute them as the root user. Verified against 2.1.3.

tags | exploit, remote, arbitrary, root, php
systems | bsd
MD5 | 9e31715f8e4cf15c616cd81794fa4e26
GoodTravel Travel And Locations 1.0 Cross Site Scripting
Posted Dec 28, 2017
Authored by ShanoWeb

GoodTravel Travel and Locations PHP script and mobile application version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | c2a461b1002f9b29d0789f75b5b9c583
PHP Web Stat 4.5.03 Backdoor Account
Posted Dec 27, 2017
Authored by indoushka

PHP Web Stat version 4.5.03 has a backdoor admin account with a password of admin.

tags | exploit, web, php
MD5 | 9436443a2953d5eded423dda77700b78
PHP Web Stat 4.5.03 Cross Site Scripting
Posted Dec 27, 2017
Authored by indoushka

PHP Web Stat version 4.5.03 suffers from a cross site scripting vulnerability.

tags | exploit, web, php, xss
MD5 | 51622091cd9294b6f4a4bd8ea3c5c88f
PHP Web Stat 4.5.03 Database Disclosure
Posted Dec 27, 2017
Authored by indoushka

PHP Web Stat version 4.5.03 suffers from a database backup disclosure vulnerability.

tags | exploit, web, php, info disclosure
MD5 | d6db1db63c85e5f36ae5a115ae861aa8
PHP Web Stat 4.x.x Information Disclosure
Posted Dec 27, 2017
Authored by indoushka

PHP Web Stats versions 4.x.x suffers from an information disclosure vulnerability.

tags | exploit, web, php, info disclosure
MD5 | ff34e66846fe9d67c26d9fc933a4df8c
News PHP 1.031 SQL Injection
Posted Dec 24, 2017
Authored by indoushka

News PHP version 1.031 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 90590b5eba822a955be805b62b4b2633
Tuleap 9.6 Second-Order PHP Object Injection
Posted Dec 19, 2017
Authored by EgiX | Site metasploit.com

This Metasploit module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to execute arbitrary PHP code with the permissions of the webserver. The vulnerability exists because of the User::getRecentElements() method is using the unserialize() function with data that can be arbitrarily manipulated by a user through the REST API interface. The exploit's POP chain abuses the __toString() method from the Mustache class to reach a call to eval() in the Transition_PostActionSubFactory::fetchPostActions() method.

tags | exploit, arbitrary, php
advisories | CVE-2017-7411
MD5 | bf85aad5adfa9342783213505d464d8c
Ubuntu Security Notice USN-3382-2
Posted Dec 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3382-2 - USN-3382-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. Various other issues were also addressed.

tags | advisory, remote, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10397, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11147, CVE-2017-11628, CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229
MD5 | 7269132db23a11adac8f0ac74885aade
Western Digital MyCloud multi_uploadify File Upload
Posted Dec 15, 2017
Authored by Zenofex | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.

tags | exploit, web, arbitrary, shell, root, php, code execution, file upload
advisories | CVE-2017-17560
MD5 | 1f47f80c45cf9163168bba8d9d9e5883
Readymade PHP Classified Script 3.3 SQL Injection
Posted Dec 12, 2017
Authored by Ihsan Sencan

Readymade PHP Classified Script version 3.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | ff601d40c0e73cf304417ade35dbe3a3
PHP Multivendor Ecommerce 1.0 SQL Injection
Posted Dec 12, 2017
Authored by Ihsan Sencan

PHP Multivendor Ecommerce version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 4c1505636b9d9e86b207e2687713d3cd
DomainSale PHP Script 1.0 SQL Injection
Posted Dec 8, 2017
Authored by Ihsan Sencan

DomainSale PHP Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | a56a1dda75e54598cd5a61f9e56fd517
pfSense 2.3.1_1 Remote Command Execution
Posted Nov 28, 2017
Authored by h00die, s4squatch

pfSense versions 2.3.1_1 and below contain a remote command execution vulnerability post authentication in the system_groupmanager.php page.

tags | exploit, remote, php
MD5 | e31f1a0a55167ae457e32b3a771f6c12
Page 1 of 187
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    8 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close