Exploit the possibilities
Showing 76 - 100 of 4,625

PHP Files

Debian Security Advisory 3769-1
Posted Jan 23, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3769-1 - Dawid Golunski from LegalHackers discovered that PHP Swift Mailer, a mailing solution for PHP, did not correctly validate user input. This allowed a remote attacker to execute arbitrary code by passing specially formatted email addresses in specific email headers.

tags | advisory, remote, arbitrary, php
systems | linux, debian
advisories | CVE-2016-10074
MD5 | 35e5943384aadc42f6da685cc43be28c
PHP 5.6.x / MyBB 1.8.3 Remote Code Execution
Posted Jan 22, 2017
Authored by Taoguang Chen

MyBB versions 1.8.3 and below alongside PHP versions prior to 5.6.30 suffer from a GMP deserialization type confusion vulnerability.

tags | exploit, php
MD5 | 30760925e589d8a94e02a3f2a0be95bb
HP Security Bulletin HPSBST03671 2
Posted Jan 15, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03671 2 - A security vulnerability in PHP was addressed by the HPE StoreEver MSL6480 Tape Library firmware version 5.10. The vulnerability could be exploited remotely to allow Unauthorized Disclosure of Information or Denial of Service via the Ethernet Management Interface. Please note that the Management Interface cannot access data stored on tape media, so this vulnerability does not allow for remote unauthorized disclosure of data stored on tape media or remote denial of service. Revision 2 of this advisory.

tags | advisory, remote, denial of service, php
advisories | CVE-2013-7456, CVE-2016-3074, CVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5385, CVE-2016-5399, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5769, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6207, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6293, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297
MD5 | fb67b891b56562e11316c0a51423d76f
My PHP Dating 2.0 SQL Injection
Posted Jan 9, 2017
Authored by Nassim Asrir

My PHP Dating version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | e18a4188cda1cb9e3615969002a87083
My PHP Dating 2.0 SQL Injection
Posted Jan 9, 2017
Authored by Ihsan Sencan

My PHP Dating version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | f0600c7e8f6b401bf53137d384510352
PHPMailer / Zend-mail / SwiftMailer Remote Code Execution
Posted Jan 3, 2017
Authored by Dawid Golunski

This proof of concept exploit aims to execute a reverse shell on the target in the context of the web server user via a vulnerable PHP email library.

tags | exploit, web, shell, php, proof of concept
advisories | CVE-2016-10033, CVE-2016-10034, CVE-2016-10045, CVE-2016-10074
MD5 | a0be91defae2564f4405c81fdeab38cd
Debian Security Advisory 3750-1
Posted Jan 1, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3750-1 - Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address.

tags | advisory, remote, php
systems | linux, debian
advisories | CVE-2016-10033
MD5 | 5dc26db485db0eb499f2c2dd00a40bdc
Debian Security Advisory 3732-2
Posted Dec 21, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3732-2 - The update for php5 issued as DSA-3732-1 caused segfaults in php-ssh2. Updated packages are now available to correct this issue.

tags | advisory, php
systems | linux, debian
MD5 | 642a44328ef63252d1cc3f928d768e0e
Slackware Security Advisory - php Updates
Posted Dec 13, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2016-9933, CVE-2016-9934, CVE-2016-9935
MD5 | 8ebb523ad4cd0c60fe37bda621b75f42
WordPress Google Analytics Counter Tracker 3.1.5 PHP Object Injection
Posted Dec 11, 2016
Authored by Securify B.V., Remco Vermeulen

WordPress Google Analytics Counter Tracker plugin version 3.1.5 suffers from an unauthenticated PHP object injection vulnerability.

tags | exploit, php
MD5 | 1fabefbf2455d13c37b52652e938d419
Gentoo Linux Security Advisory 201611-22
Posted Dec 1, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-22 - Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution or cause a Denial of Service condition. Versions less than 5.6.28 are affected.

tags | advisory, denial of service, arbitrary, php, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2015-8865, CVE-2016-3074, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544, CVE-2016-5385, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129
MD5 | f073cc5b80f46496a9c6ec7f001331ad
HP Security Bulletin HPSBST03671 1
Posted Nov 16, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03671 1 - A security vulnerability in PHP was addressed by the HPE StoreEver MSL6480 Tape Library firmware version 5.10. The vulnerability could be exploited remotely to allow Unauthorized Disclosure of Information. Revision 1 of this advisory.

tags | advisory, php
advisories | CVE-2016-5385
MD5 | 6d1b17e660ca5c8d469617d69e72907b
Red Hat Security Advisory 2016-2750-01
Posted Nov 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2750-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debugger. The memcache, mongo, and XDebug extensions are also included. The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. Security Fixes in the rh-php56-php component have been added.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2013-7456, CVE-2014-9767, CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328, CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867, CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879, CVE-2016-1903
MD5 | 212c6ace5b1922e09d6bbc3fa03bbe65
Rate-Me PHP Script 1.0 Cross Site Scripting
Posted Nov 13, 2016
Authored by Boumediene Kaddour

Rate-Me PHP Script version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | cb302be397157455600b6c99b3f15f0a
PHP Classifieds Rental Script 1.0 Cross Site Scripting
Posted Nov 9, 2016
Authored by Nassim Asrir

PHP Classifieds Rental Script version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | e3216f82aeddea38b5ed646797d2652e
WordPress YITH WooCommerce Compare 2.0.9 PHP Object Injection
Posted Nov 8, 2016
Authored by Yorick Koster, Securify B.V.

WordPress YITH WooCommerce Compare plugin version 2.0.9 suffers from a PHP object injection vulnerability.

tags | exploit, php
MD5 | 31616f34fc67b6800ac686eebe3d57f6
Piwik 2.16.0 PHP Object Injection
Posted Nov 8, 2016
Authored by EgiX | Site karmainsecurity.com

Piwik version 2.16.0 and below suffer from a saveLayout PHP object injection vulnerability.

tags | exploit, php
MD5 | bd3245f114f5d320f885b704e6a5d15e
Simple PHP Blog 0.4.0 Cross Site Scripting
Posted Nov 7, 2016
Authored by Boumediene Kaddour

Simple PHP Blog version 0.4.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | d5b13a2e62b7bba15473a402f488a2b6
Rapid PHP Editor IDE 14.1 Cross Site Request Forgery / Code Execution
Posted Nov 4, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Rapid PHP Editor IDE version 14.1 suffers from a cross site request forgery vulnerability that can result in remote code execution.

tags | exploit, php, csrf
MD5 | f198e7df1fa8662aed794f89792b44fd
Red Hat Security Advisory 2016-2598-02
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2598-02 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application.

tags | advisory, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2016-5399, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768
MD5 | c24c3b3604c9b8a4625cf131df6d379b
Alienvault OSSIM/USM 5.3.1 PHP Object Injection
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a PHP object injection vulnerability.

tags | exploit, php
advisories | CVE-2016-8580
MD5 | 7a66ece0e3bc3a94254de8614fc0971a
Slackware Security Advisory - php Updates
Posted Nov 1, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
MD5 | 4085332efd2588b982fe398b3b1efd69
InfraPower PPS-02-S Q213V1 Authentication Bypass
Posted Oct 30, 2016
Authored by LiquidWorm | Site zeroscience.mk

InfraPower PPS-02-S Q213V1 suffers from an authentication bypass vulnerability. The device does not properly perform authentication, allowing it to be bypassed through cookie manipulation. The vulnerable function checkLogin() in 'Function.php' checks only if the 'Login' Cookie is empty or not, allowing easy bypass of the user security mechanisms.

tags | exploit, php, bypass
MD5 | 7fb418d4e3f6104e84acc7d747c5bff0
InfraPower PPS-02-S Q213V1 Local File Disclosure
Posted Oct 30, 2016
Authored by LiquidWorm | Site zeroscience.mk

InfraPower PPS-02-S Q213V1 suffers from a file disclosure vulnerability when input passed through the 'file' parameter to the 'ListFile.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.

tags | exploit, local, php
MD5 | 0a98eeb2886891df080bfd8cf5949273
InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution
Posted Oct 30, 2016
Authored by LiquidWorm | Site zeroscience.mk

InfraPower PPS-02-S Q213V1 suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerability exists due to several POST parameters in several scripts not being sanitized when using the exec(), proc_open(), popen() and shell_exec() PHP functions while updating the settings on the affected device. This allows the attacker to execute arbitrary system commands as the root user and bypass access controls in place.

tags | exploit, remote, arbitrary, root, php, vulnerability
MD5 | ae2754964c8b89e471b19c617f32b34b