exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 5,185 RSS Feed

PHP Files

SugarCRM 13.0.1 Server-Side Template Injection
Posted Oct 27, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be leveraged to execute arbitrary php code.

tags | exploit, arbitrary, php
SHA-256 | 482a650864ca894b028d96d1341d94b0fd22a59191625c172302fe115ad4deb5
Ubuntu Security Notice USN-6199-2
Posted Oct 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6199-2 - USN-6199-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information.

tags | advisory, php
systems | linux, ubuntu
advisories | CVE-2023-3247
SHA-256 | e46b12e2ae2685b34c9735991a469a71e79fcd955c1df600d8da3956401fe3d8
Red Hat Security Advisory 2023-5927-01
Posted Oct 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5927-01 - An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, php
systems | linux, redhat
advisories | CVE-2023-0567
SHA-256 | 46c527bdcfb2145b61c0830ad98c9738174c2195ac8e1cd6200c84896fdfff5d
Red Hat Security Advisory 2023-5926-01
Posted Oct 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5926-01 - An update for php is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, php
systems | linux, redhat
advisories | CVE-2023-0567
SHA-256 | f7b3d25853c407b0835193e19c69c5d5226d02c94935df3692d13b2fede8c6ec
Juniper SRX Firewall / EX Switch Remote Code Execution
Posted Oct 2, 2023
Authored by Ron Bowes, Jacob Baines, jheysel-r7 | Site metasploit.com

This Metasploit module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices running FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The first being auto_prepend_file which causes the provided file to be added using the require function. The second PHP function is allow_url_include which allows the use of URL-aware fopen wrappers. By enabling allow_url_include, the exploit can use any protocol wrapper with auto_prepend_file. The module then uses data:// to provide a file inline which includes the base64 encoded PHP payload. By default this exploit returns a session confined to a FreeBSD jail with limited functionality. There is a datastore option JAIL_BREAK, that when set to true, will steal the necessary tokens from a user authenticated to the J-Web application, in order to overwrite the root password hash. If there is no user authenticated to the J-Web application this method will not work. The module then authenticates with the new root password over SSH and then rewrites the original root password hash to /etc/master.passwd.

tags | exploit, web, root, php, protocol
systems | freebsd, bsd, juniper
advisories | CVE-2023-36845
SHA-256 | 23552b23e1cc0e2022181944f8894c8f7203e6893e7d1127561c3ffd867b9517
WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection
Posted Sep 19, 2023
Authored by Marco Wotschka | Site wordfence.com

WordPress Essential Blocks plugin versions 4.2.0 and below and Essential Blocks Pro versions 1.1.0 and below suffer from multiple PHP object injection vulnerabilities.

tags | exploit, php, vulnerability
advisories | CVE-2023-4386, CVE-2023-4402
SHA-256 | 3bc456da9e240b7476040544d3e4f0b5fa6f68d4e3ad65a015be529481ab73ad
PHP Shopping Cart 4.2 SQL Injection
Posted Sep 13, 2023
Authored by nu11secur1ty

PHP Shopping Cart version 4.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 606411a83a93b9d6c705936cd642d323cf06f1e728faa5294bef0c1a617f8551
Online Pizza Ordering System 1.0 Shell Upload
Posted Sep 12, 2023
Authored by Sefa Ozan | Site metasploit.com

This Metasploit module exploits a vulnerability found in Online Pizza Ordering System version 1.0. By abusing the admin_class.php file, a malicious user can upload a file to the img/ directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on Ubuntu 22.04.

tags | exploit, arbitrary, php, code execution
systems | linux, ubuntu
SHA-256 | 3002ce5e2a8a96ceb421dddfd1cd12fa3676d726242592bcbe8fb80e7b19715f
SolarView Compact 6.00 Remote Command Execution
Posted Sep 6, 2023
Authored by h00die-gr3y | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on the SolarView Compact version 6.00 web application via the vulnerable endpoint downloader.php. After exploitation, an attacker will have full access with the same user privileges under which the webserver is running (typically as user contec).

tags | exploit, web, php
advisories | CVE-2023-23333
SHA-256 | d0437fdd852a45a2f8dcde9836a0c763b4e6b928a9997b6532fb7346909945a8
PHP JABBERS PHP Review Script 1.0 Cross Site Scripting
Posted Aug 31, 2023
Authored by nu11secur1ty

PHP JABBERS PHP Review Script version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | b9b98b4a795bf346b16b6fba859f15dc9f9da7740340375a350eddf3a8d1d69f
Islam CMS 1.0 Code Injection
Posted Aug 31, 2023
Authored by indoushka

Islam CMS version 1.0 suffers from a remote PHP code injection vulnerability.

tags | exploit, remote, php
SHA-256 | 39b07aef1fa1c0862a22398b5f20aabeb8f16190e023159d1c613e4cc63eef60
Ubuntu Security Notice USN-6305-1
Posted Aug 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6305-1 - It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. It was discovered that PHP incorrectly handled certain PHAR files. An attacker could possibly use this issue to cause a crash, expose sensitive information or execute arbitrary code.

tags | advisory, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2023-3823, CVE-2023-3824
SHA-256 | 1dc8c3dad3030fd034169b595c1d037465ec0558c0e070e9e64ad1aef797927d
Chamilo 1.11.18 Command Injection
Posted Aug 24, 2023
Authored by RandoriSec, h00die-gr3y | Site metasploit.com

This Metasploit module exploits an unauthenticated remote command execution vulnerability that affects Chamilo versions 1.11.18 and below. Due to a functionality called Chamilo Rapid to easily convert PowerPoint slides to courses on Chamilo, it is possible for an unauthenticated remote attacker to execute arbitrary commands at the OS level using a malicious SOAP request at the vulnerable endpoint /main/webservices/additional_webservices.php.

tags | exploit, remote, arbitrary, php
advisories | CVE-2023-34960
SHA-256 | 9eddd6c9a39fb97ca77aeebd1ec713969953ce2f89e609c528b4a46ca5ec152d
SugarCRM 12.2.0 PHP Object Injection
Posted Aug 23, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 12.2.0 and below suffer from a PHP object injection vulnerability.

tags | exploit, php
advisories | CVE-2023-35810
SHA-256 | 32f7ef69ef5791e90290f62780a766a77c6238a01e2c71417b234a5b64db910c
RaspAP 2.8.7 Unauthenticated Command Injection
Posted Aug 15, 2023
Authored by Ege Balci, Ismael0x00 | Site metasploit.com

RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running RaspAP via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. Successfully tested against RaspAP 2.8.0 and 2.8.7.

tags | exploit, arbitrary, php
systems | linux, debian
advisories | CVE-2022-39986
SHA-256 | abc5a8577c76d38277377259204d36eaaa8e98293d1ed4d1030fb74de2c622f0
DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting
Posted Aug 11, 2023
Authored by indoushka

DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | f72dfd55d23408ab5429974dee598db6c2f5f4c1ad279051decdd75964ab240b
Discussion On Kontackt 1.18 Cross Site Scripting
Posted Aug 10, 2023
Authored by indoushka

Discussion On Kontackt The Exclusive PHP Social Network Platform version 1.18 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | 7d18de8acfc063f172113a27af33ebbcf209b0dcb3d43c8ec163f7ff1adefc84
DigaSell Digital Store PHP Script 1.0.0 SQL Injection
Posted Aug 10, 2023
Authored by indoushka

DigaSell Digital Store PHP Script version 1.0.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 8729994d50fb2282a91511c1471e529be3acfb58262a0d60949d1b29f6c5d7a6
Chatone Social Networking PHP Script 1.6 Add Administrator
Posted Aug 9, 2023
Authored by indoushka

Chatone Social Networking PHP Script version 1.6 suffers from an add administrator vulnerability.

tags | exploit, php, add administrator
SHA-256 | aa549a9947a1342ad9aeff37c9e15f1e470ba8802ce29b603d258f911541cf20
Western Digital MyCloud Unauthenticated Command Injection
Posted Jul 28, 2023
Authored by Remco Vermeulen, Erik Wynter, Steven Campbell | Site metasploit.com

This Metasploit module exploits authentication bypass (CVE-2018-17153) and command injection (CVE-2016-10108) vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the target is WD MyCloud. If so, it attempts to trigger an authentication bypass (CVE-2018-17153) via a crafted GET request to /cgi-bin/network_mgr.cgi. If the server responds as expected, the module assesses the vulnerability status by attempting to exploit a commend injection vulnerability (CVE-2016-10108) in order to print a random string via the echo command. This is done via a crafted POST request to /web/google_analytics.php. If the server is vulnerable, the same command injection vector is leveraged to execute the payload. This module has been successfully tested against Western Digital MyCloud version 2.30.183.

tags | exploit, remote, web, cgi, root, php, vulnerability, code execution
advisories | CVE-2016-10108, CVE-2018-17153
SHA-256 | 0ce2f1497429d5e02113422d33a5d38d119e0b68b4af0aa04d5b4189b6ef07f8
Availability Booking Calendar PHP XSS / Arbitrary File Upload
Posted Jul 26, 2023
Authored by Andrey Stoykov

Availability Booking Calendar PHP suffers from cross site scripting and arbitrary file upload vulnerabilities. This was tested in July of 2023 but it is unclear what versions are affected.

tags | exploit, arbitrary, php, vulnerability, xss, file upload
SHA-256 | e67ac34384ab2be0d18a5bd94e4c7187126859aaf2b755a195aa0c55fd5cf914
WordPress File Manager Advanced Shortcode 2.3.2 Remote Code Execution
Posted Jul 25, 2023
Authored by h00die-gr3y, Mateus Machado Tesser | Site metasploit.com

WordPress File Manager Advanced Shortcode plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to remote code execution in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users, but it also works in an authenticated configuration. Versions 2.3.2 and below are affected. To install the Shortcode plugin File Manager Advanced version 5.0.5 or lower is required to keep the configuration vulnerable. Any user privileges can exploit this vulnerability which results in access to the underlying operating system with the same privileges under which the Wordpress web services run.

tags | exploit, remote, web, php, code execution
advisories | CVE-2023-2068
SHA-256 | 70276f13c7da05f57a272fbb51cb03ce6c129189c7bb524b4612cc20be063403
Bazaar Social Listing Shopping Web PHP Template 2.3.2 Cross Site Scripting
Posted Jul 14, 2023
Authored by indoushka

Bazaar Social Listing Shopping Web PHP Template version 2.3.2 suffers from a cross site scripting vulnerability.

tags | exploit, web, php, xss
SHA-256 | c6e4d11aa955cb2bed6d76defb35557734149c0312ced065d9b37014584f212f
Bazaar Social Listing Shopping Web PHP Template 2.3.2 Privilege Escalation
Posted Jul 13, 2023
Authored by indoushka

Bazaar Social Listing Shopping Web PHP Template version 2.3.2 suffers from a privilege escalation vulnerability.

tags | exploit, web, php
SHA-256 | f5312fef20d54f675129250c93dbc79ad8b831731e0ba613b47a3771260a63cd
Super Store Finder PHP Script 3.6 SQL Injection
Posted Jul 5, 2023
Authored by Etharus

Super Store Finder PHP Script versions 3.6 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
SHA-256 | 626e9249014429e44e6f78886ff283f9591b5337313b41d8bca85c6684a00018
Page 2 of 208
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close