Twenty Year Anniversary
Showing 26 - 50 of 4,704 RSS Feed

PHP Files

Ubuntu Security Notice USN-3600-2
Posted May 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3600-2 - USN-3600-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. Various other issues were also addressed.

tags | advisory, remote, php, xss
systems | linux, ubuntu
advisories | CVE-2018-5712, CVE-2018-7584
MD5 | 79bbde3d1fefb3d77b138ef00b9b7370
Ubuntu Security Notice USN-3646-1
Posted May 14, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3646-1 - It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. It was discovered that the PHP iconv stream filter incorrect handled certain invalid multibyte sequences. A remote attacker could possibly use this issue to cause PHP to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, local, php
systems | linux, ubuntu
advisories | CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549
MD5 | 671fb2061c1fff15655f741886b1e10a
Mantis manage_proj_page PHP Code Execution
Posted May 9, 2018
Authored by EgiX, Lars Sorenson | Site metasploit.com

Mantis versions 1.1.3 and earlier are vulnerable to a post-authentication remote code execution vulnerability in the sort parameter of the manage_proj_page.php page.

tags | exploit, remote, php, code execution
advisories | CVE-2008-4687
MD5 | 1357cfcb1f87c0ce0787fbc307d1bb01
WordPress User Role Editor Plugin Privilege Escalation
Posted May 7, 2018
Authored by Tomislav Paskalev, ethicalhack3r | Site metasploit.com

The WordPress User Role Editor plugin prior to v4.25, is lacking an authorization check within its update user profile functionality ("update" function, contained within the "class-user-other-roles.php" module). Instead of verifying whether the current user has the right to edit other users' profiles ("edit_users" WP capability), the vulnerable function verifies whether the current user has the rights to edit the user ("edit_user" WP function) specified by the supplied user id ("user_id" variable/HTTP POST parameter). Since the supplied user id is the current user's id, this check is always bypassed (i.e. the current user is always allowed to modify its profile). This vulnerability allows an authenticated user to add arbitrary User Role Editor roles to its profile, by specifying them via the "ure_other_roles" parameter within the HTTP POST request to the "profile.php" module (issued when "Update Profile" is clicked). By default, this module grants the specified WP user all administrative privileges, existing within the context of the User Role Editor plugin.

tags | exploit, web, arbitrary, php
MD5 | 21f2f7e73a000aa53bc81c6bd2ac2518
PlaySMS import.php Code Execution
Posted May 7, 2018
Authored by Touhid M.Shaikh | Site metasploit.com

This Metasploit module exploits an authenticated file upload remote code execution vulnerability in PlaySMS version 1.4. This issue is caused by improper file contents handling in import.php (aka the Phonebook import feature). Authenticated Users can upload a CSV file containing a malicious payload via vectors involving the User-Agent HTTP header and PHP code in the User-Agent. This Metasploit module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7.

tags | exploit, remote, web, php, code execution, file upload
systems | windows, 7
advisories | CVE-2017-9101
MD5 | f976c4045dcaba09573750799d5fb25a
PlaySMS sendfromfile.php Code Execution
Posted May 7, 2018
Authored by Touhid M.Shaikh, DarkS3curity | Site metasploit.com

This Metasploit module exploits a code injection vulnerability within an authenticated file upload feature in PlaySMS version 1.4. This issue is caused by improper file name handling in sendfromfile.php file. Authenticated Users can upload a file and rename the file with a malicious payload. This Metasploit module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7.

tags | exploit, php, file upload
systems | windows, 7
advisories | CVE-2017-9080
MD5 | 2580a04744c23352ceb458505fd66e3d
Red Hat Security Advisory 2018-1296-01
Posted May 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1296-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php. Issues addressed include buffer overflow, cross site scripting, denial of service, heap overflow, remote file inclusion, and use-after-free vulnerabilities.

tags | advisory, remote, web, denial of service, overflow, php, vulnerability, xss, file inclusion
systems | linux, redhat
advisories | CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-10162, CVE-2016-10167, CVE-2016-10168, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, CVE-2016-7418, CVE-2016-7479, CVE-2016-9933, CVE-2016-9934, CVE-2016-9935, CVE-2016-9936, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11147, CVE-2017-11362, CVE-2017-11628, CVE-2017-12932, CVE-2017-12933, CVE-2017-12934
MD5 | 74d414cb061c5ffff37e0dd0dcbd14fa
osCommerce Installer Unauthenticated Code Execution
Posted May 3, 2018
Authored by Daniel Teixeira, Simon Scannell | Site metasploit.com

If the /install/ directory was not removed, it is possible for an unauthenticated attacker to run the "install_4.php" script, which will create the configuration file for the installation. This allows the attacker to inject PHP code into the configuration file and execute it.

tags | exploit, php
MD5 | 87ed86a0d1878037791e43a36f9d7694
xdebug Unauthenticated OS Command Execution
Posted May 1, 2018
Authored by Mumbai, Shaksham Jaiswal, Ricter Zheng | Site metasploit.com

This Metasploit module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below. This allows the attacker to execute arbitrary php code as the context of the web user.

tags | exploit, web, arbitrary, php
MD5 | f41618034e1f76ddd17f42794e9dc6c3
Yahei PHP Prober 0.4.7 Cross Site Scripting
Posted Apr 9, 2018
Authored by ManhNho

Yahei PHP Prober version 0.4.7 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
advisories | CVE-2018-9238
MD5 | f12a62cb7579b29c118d5b72292a0c3e
ProcessMaker Plugin Code Execution
Posted Apr 3, 2018
Authored by Brendan Coles | Site metasploit.com

This Metasploit module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code as the web server user. Credentials for a valid user account with Administrator roles is required to run this module. This Metasploit module has been tested successfully on ProcessMaker versions 1.6-4276, 2.0.23, 3.0 RC 1, 3.2.0, 3.2.1 on Windows 7 SP 1; and version 3.2.0 on Debian Linux 8.

tags | exploit, web, php
systems | linux, windows, debian, 7
MD5 | 62ca13841303372ebfe7885ec8e1b271
Slackware Security Advisory - php Updates
Posted Apr 1, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
MD5 | a7016e23d3beb38a24d8e1e1f0708b2b
ClipBucket beats_uploader Unauthenticated Arbitrary File Upload
Posted Mar 26, 2018
Authored by Touhid M.Shaikh | Site metasploit.com

This Metasploit module exploits a vulnerability found in ClipBucket versions before 4.0.0 (Release 4902). A malicious file can be uploaded using an unauthenticated arbitrary file upload vulnerability. It is possible for an attacker to upload a malicious script to issue operating system commands. This issue is caused by improper session handling in /action/beats_uploader.php file. This Metasploit module was tested on ClipBucket before 4.0.0 - Release 4902 on Windows 7 and Kali Linux.

tags | exploit, arbitrary, php, file upload
systems | linux, windows, 7
MD5 | d2275d600b73e806af00c2c4d704c496
Ubuntu Security Notice USN-3600-1
Posted Mar 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3600-1 - It was discovered that PHP incorrectly handled certain stream metadata. A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 14.04 LTS. It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. Various other issues were also addressed.

tags | advisory, remote, arbitrary, php, xss
systems | linux, ubuntu
advisories | CVE-2016-10712, CVE-2018-5712, CVE-2018-7584
MD5 | 4120462fc6fd27b1ad02894820c93486
Debian Security Advisory 4142-1
Posted Mar 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4142-1 - Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to sensitive files located outside of the web root directory.

tags | advisory, remote, web, root, php
systems | linux, debian
advisories | CVE-2018-7490
MD5 | b27d21328ecc754819007e251a72861d
Red Hat Security Advisory 2018-0406-01
Posted Mar 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0406-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2017-7890
MD5 | 5a4ffbd2634a1a77f6456bcc55e8be27
Social Oauth Login PHP SQL Injection
Posted Feb 14, 2018
Authored by Borna Nematzadeh

Social Oauth Login PHP suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
MD5 | 50c6d42d491cdd52647e23330f7ba0bf
Ubuntu Security Notice USN-3566-1
Posted Feb 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3566-1 - It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php, xss
systems | linux, ubuntu
advisories | CVE-2017-12933, CVE-2017-16642, CVE-2018-5712
MD5 | 0b5c9a022daec85647b0067cd2617764
PHP Scripts Mall Doctor Search Script 1.0.2 Cross Site Scripting
Posted Feb 7, 2018
Authored by Prasenjit Kanti Paul

PHP Scripts Mall Doctor Search Script version 1.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
advisories | CVE-2018-6655
MD5 | be08ecb0a94b7c67c36583ccda5fc834
WordPress Core Denial Of Service
Posted Feb 6, 2018
Authored by Ali Razmjoo

WordPress load-scripts.php denial of service exploit.

tags | exploit, denial of service, php
advisories | CVE-2018-6389
MD5 | c5199aa5847b27d9f9ce21b843ab9fee
WordPress Core load-scripts.php Denial Of Service
Posted Feb 5, 2018
Authored by Barak Tawily

WordPress Core suffers from a load-scripts.php denial of service vulnerability.

tags | exploit, denial of service, php
advisories | CVE-2018-6389
MD5 | 7fb9f333287d6bceb67916a30184fc61
Slackware Security Advisory - php Updates
Posted Feb 4, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2018-5711, CVE-2018-5712
MD5 | f1eeaefa5650451e1a2567427e5c6303
Event Manager PHP Script 1.0 SQL Injection
Posted Feb 3, 2018
Authored by Ihsan Sencan

Event Manager PHP Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
advisories | CVE-2018-6576
MD5 | bc5abfcc22424338eaa96b3208042ce0
WordPress Splashing Images 2.1 Cross Site Scripting / PHP Object Injection
Posted Jan 26, 2018
Authored by Nicolas Buzy-Debat

WordPress Splashing Images plugin version 2.1 suffers from PHP object injection and cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
advisories | CVE-2018-6194, CVE-2018-6195
MD5 | 2074b9733bf382d13829e0d172ba5646
Kaltura Remote PHP Code Execution
Posted Jan 24, 2018
Authored by Robin Verton, Mehmet Ince | Site metasploit.com

This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hard-coded cookie secret which allows to sign arbitrary cookie data. After passing this signature check, the base64- decoded data is passed to PHPs unserialize() function which allows for code execution. The constructed object is again based on the SektionEins Zend code execution POP chain PoC. Kaltura versions prior to 13.1.0 are affected by this issue. A valid entry_id (which is required for this exploit) can be obtained from any media resource published on the kaltura installation. This Metasploit module was tested against Kaltura 13.1.0-2 installed on Ubuntu 14.04.

tags | exploit, web, arbitrary, php, code execution
systems | linux, ubuntu
advisories | CVE-2017-14143
MD5 | 378cc7a64ba0d3b9625bf7d0daeb9bd6
Page 2 of 189
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    17 Files
  • 20
    Jul 20th
    11 Files
  • 21
    Jul 21st
    1 Files
  • 22
    Jul 22nd
    1 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close