Islam CMS version 1.0 suffers from a remote PHP code injection vulnerability.
39b07aef1fa1c0862a22398b5f20aabeb8f16190e023159d1c613e4cc63eef60Ubuntu Security Notice 6305-1 - It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. It was discovered that PHP incorrectly handled certain PHAR files. An attacker could possibly use this issue to cause a crash, expose sensitive information or execute arbitrary code.
1dc8c3dad3030fd034169b595c1d037465ec0558c0e070e9e64ad1aef797927dThis Metasploit module exploits an unauthenticated remote command execution vulnerability that affects Chamilo versions 1.11.18 and below. Due to a functionality called Chamilo Rapid to easily convert PowerPoint slides to courses on Chamilo, it is possible for an unauthenticated remote attacker to execute arbitrary commands at the OS level using a malicious SOAP request at the vulnerable endpoint /main/webservices/additional_webservices.php.
9eddd6c9a39fb97ca77aeebd1ec713969953ce2f89e609c528b4a46ca5ec152dSugarCRM versions 12.2.0 and below suffer from a PHP object injection vulnerability.
32f7ef69ef5791e90290f62780a766a77c6238a01e2c71417b234a5b64db910cRaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running RaspAP via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. Successfully tested against RaspAP 2.8.0 and 2.8.7.
abc5a8577c76d38277377259204d36eaaa8e98293d1ed4d1030fb74de2c622f0DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.
f72dfd55d23408ab5429974dee598db6c2f5f4c1ad279051decdd75964ab240bDiscussion On Kontackt The Exclusive PHP Social Network Platform version 1.18 suffers from a cross site scripting vulnerability.
7d18de8acfc063f172113a27af33ebbcf209b0dcb3d43c8ec163f7ff1adefc84DigaSell Digital Store PHP Script version 1.0.0 suffers from a remote blind SQL injection vulnerability.
8729994d50fb2282a91511c1471e529be3acfb58262a0d60949d1b29f6c5d7a6Chatone Social Networking PHP Script version 1.6 suffers from an add administrator vulnerability.
aa549a9947a1342ad9aeff37c9e15f1e470ba8802ce29b603d258f911541cf20This Metasploit module exploits authentication bypass (CVE-2018-17153) and command injection (CVE-2016-10108) vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the target is WD MyCloud. If so, it attempts to trigger an authentication bypass (CVE-2018-17153) via a crafted GET request to /cgi-bin/network_mgr.cgi. If the server responds as expected, the module assesses the vulnerability status by attempting to exploit a commend injection vulnerability (CVE-2016-10108) in order to print a random string via the echo command. This is done via a crafted POST request to /web/google_analytics.php. If the server is vulnerable, the same command injection vector is leveraged to execute the payload. This module has been successfully tested against Western Digital MyCloud version 2.30.183.
0ce2f1497429d5e02113422d33a5d38d119e0b68b4af0aa04d5b4189b6ef07f8Availability Booking Calendar PHP suffers from cross site scripting and arbitrary file upload vulnerabilities. This was tested in July of 2023 but it is unclear what versions are affected.
e67ac34384ab2be0d18a5bd94e4c7187126859aaf2b755a195aa0c55fd5cf914WordPress File Manager Advanced Shortcode plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to remote code execution in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users, but it also works in an authenticated configuration. Versions 2.3.2 and below are affected. To install the Shortcode plugin File Manager Advanced version 5.0.5 or lower is required to keep the configuration vulnerable. Any user privileges can exploit this vulnerability which results in access to the underlying operating system with the same privileges under which the Wordpress web services run.
70276f13c7da05f57a272fbb51cb03ce6c129189c7bb524b4612cc20be063403Bazaar Social Listing Shopping Web PHP Template version 2.3.2 suffers from a cross site scripting vulnerability.
c6e4d11aa955cb2bed6d76defb35557734149c0312ced065d9b37014584f212fBazaar Social Listing Shopping Web PHP Template version 2.3.2 suffers from a privilege escalation vulnerability.
f5312fef20d54f675129250c93dbc79ad8b831731e0ba613b47a3771260a63cdSuper Store Finder PHP Script versions 3.6 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.
626e9249014429e44e6f78886ff283f9591b5337313b41d8bca85c6684a00018Ubuntu Security Notice 6199-1 - It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information.
f900e85ecda5d4b00c19b39d7bf754425099337a6a82556ace53811d967446d9Advanced PHP URL Shortener version 1.0 suffers from a cross site scripting vulnerability.
4e1d8e53e5314398ff0dd35afa47391639eddbece2db8c996181a7b27a46577ePHP Online School version 1.0 suffers from a cross site scripting vulnerability.
f03972c1e09a9186ceda63b51379c7322f797984280b34e747cead9ca8483d0dPHP Mail version 5.0 suffers from a cross site scripting vulnerability.
ab9cccf88065d059ab46972fbfac65d69ffa30754d5ac7563f151812c102ac6bPHP Car Dealer version 3.0 suffers from a cross site scripting vulnerability.
5d7cda295322273a07765d0e26863912ad7bb4ef36801e228c39142c37806ef6NetArt Media PHP Hotel Site version 2.0 suffers from a cross site scripting vulnerability.
84124ff16f949e9ab005d3b5c316da611c20f345e4bf826893ebfce6f62c376aThis Metasploit module exploits an unauthenticated command injection vulnerability in /controller/ping.php in Symmetricom SyncServer. The S100 through S350 (End of Life) models should be vulnerable to unauthenticated exploitation due to a session handling vulnerability.
9228aebd2b8cb829828420734c809d84e0b8b72d483a6286436970baa02fbb09This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.29 and below by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information" and CVE-2022-24989, "Authenticated remote code execution". Exploiting vulnerable endpoint api.php?mobile/webNasIPS leaking sensitive information such as admin password hash and mac address, the attacker can achieve unauthenticated access and use another vulnerable endpoint api.php?mobile/createRaid with POST parameters raidtype and diskstring to execute remote code as root on TerraMaster NAS devices.
7e730a3eca39b8e6d103226c6deb4b1c15b54a16ab70d8fb24d2e419a087f25dDebian Linux Security Advisory 5425-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.
b78ada19cdad18133c1d75e67c6a3d412579cefae51613bdc1305bfaf34bc7beDebian Linux Security Advisory 5424-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.
1480d11098e522e1a4cec8195fa739e3296da2ba49c56c9ed78a071d88989612
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed