what you don't know can hurt you
Showing 76 - 100 of 4,875 RSS Feed

PHP Files

Ubuntu Security Notice USN-3922-3
Posted Apr 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3922-3 - USN-3922-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-9022, CVE-2019-9640, CVE-2019-9675
MD5 | 288b02d0ec8e43a0bfc27999ca3920b8
Ubuntu Security Notice USN-3922-2
Posted Apr 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3922-2 - USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-9022, CVE-2019-9640, CVE-2019-9675
MD5 | 9a003b95860a0fb761d2ab88343099f7
Ubuntu Security Notice USN-3953-1
Posted Apr 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3953-1 - It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2019-11034
MD5 | 29f1a73f80be8c44ca45d84e596fe893
CuteNews 2.1.2 Remote Code Execution
Posted Apr 15, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits a command execution vulnerability in CuteNews prior to version 2.1.2. The attacker can infiltrate the server through the avatar upload process in the profile area. There is no realistic control of the $imgsize function in "/core/modules/dashboard.php" Header content of the file can be changed and the control can be bypassed. We can use the "GIF" header for this process. An ordinary user is enough to exploit the vulnerability. No need for admin user. The module creates a file for you and allows RCE.

tags | exploit, php
MD5 | 950718cb4e553313f12dbd3582be8ac7
Horde Form Shell Upload
Posted Apr 10, 2019
Authored by Ratiosec | Site metasploit.com

Horde Groupware Webmail contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. The exploitation requires the Turba subcomponent to be installed. This module was tested on Horde versions 5.2.22 and 5.2.17 running Horde Form subcomponent versions prior to 2.0.19.

tags | exploit, remote, arbitrary, php
advisories | CVE-2019-9858
MD5 | 77733e9ad4d5217473e6f849c3b3ec6a
Ashop Shopping Cart Software SQL Injection
Posted Apr 9, 2019
Authored by Dogukan Karaciger

Ashop Shopping Cart Software suffers from a remote SQL injection vulnerability in bannedcustomers.php.

tags | exploit, remote, php, sql injection
MD5 | a9726e6a13c0a86e9804ac4e80b99eca
PHP 7.2 imagecolormatch() Out-Of-Band Heap Write
Posted Apr 9, 2019
Authored by Charles FOL

PHP version 7.2 suffers from an imagecolormatch() out-of-band heap write vulnerability.

tags | exploit, php
advisories | CVE-2019-6977
MD5 | 2d3f238d47fc9c55295cc1e13a14b238
TeemIp IPAM Command Injection
Posted Apr 3, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in TeemIp versions prior to 2.4.0. The "new_config" parameter of "exec.php" allows you to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server. The vulnerability can be exploited by an authorized user (Administrator). Module allows remote command execution by sending php payload with parameter 'new_config'.

tags | exploit, remote, php
MD5 | 82ea7a04ea9f5af50f8fb97802e3ee4e
PHPGGC unserialize() Payload Tool
Posted Apr 2, 2019
Site ambionics.io

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

tags | tool, php
systems | unix
MD5 | fbf73cc5519faf38c585a6e06002f83e
Debian Security Advisory 4419-1
Posted Apr 1, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4419-1 - Fabien Potencier discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This could result in potential information disclosure.

tags | advisory, php, info disclosure
systems | linux, debian
advisories | CVE-2019-9942
MD5 | d00cef3c5e5b02edd0fc91a7aea7b3a8
Jettweb PHP Hazir Rent A Car Sitesi Scripti 2 SQL Injection
Posted Mar 29, 2019
Authored by Ahmet Umit Bayram

Jettweb PHP Hazir Rent A Car Sitesi Scripti version 2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 18f62a5e5ad9bc383565459c869d1942
CMS Made Simple (CMSMS) Showtime2 File Upload Remote Command Execution
Posted Mar 27, 2019
Authored by Daniele Scanu, Fabio Cogno | Site metasploit.com

This Metasploit module exploits a file upload vulnerability that allows for remote command execution in Showtime2 module versions 3.6.2 and below in CMS Made Simple (CMSMS). An authenticated user with "Use Showtime2" privilege could exploit the vulnerability. The vulnerability exists in the Showtime2 module, where the class "class.showtime2_image.php" does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). Tested on Showtime2 3.6.2, 3.6.1, 3.6.0, 3.5.4, 3.5.3, 3.5.2, 3.5.1, 3.5.0, 3.4.5, 3.4.3, 3.4.2 on CMS Made Simple (CMSMS) 2.2.9.1.

tags | exploit, remote, php, file upload
advisories | CVE-2019-9692
MD5 | 34616f7d15896f8238efb1b0c1d26897
Jettweb Php Hazir ilan Sitesi Scripti 2 SQL Injection
Posted Mar 27, 2019
Authored by Ahmet Umit Bayram

Jettweb Php Hazir ilan Sitesi Scripti version 2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 998fc2a9a635b104966962276fba0d47
Ubuntu Security Notice USN-3922-1
Posted Mar 27, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3922-1 - It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.

tags | advisory, php
systems | linux, ubuntu
advisories | CVE-2019-9637, CVE-2019-9641
MD5 | 796c0ad1032cbc8b0b5cd75fa6219458
Jettweb PHP Hazir Haber Sitesi Scripti 3 SQL Injection
Posted Mar 25, 2019
Authored by Ahmet Umit Bayram

Jettweb PHP Hazir Haber Sitesi Scripti version 3 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, sql injection
MD5 | a5b2b09c5dcfafe9d282db68a4f79a82
Jettweb PHP Hazir Haber Sitesi Scripti 2 SQL Injection
Posted Mar 25, 2019
Authored by Ahmet Umit Bayram

Jettweb PHP Hazir Haber Sitesi Scripti version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
MD5 | 7495e318e12ad1e5e7d4432943fe1939
Jettweb PHP Hazir Haber Sitesi Scripti 1 SQL Injection
Posted Mar 24, 2019
Authored by Ahmet Umit Bayram

Jettweb PHP Hazir Haber Sitesi Scripti version 1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, sql injection
MD5 | e15b33c8cd003dde94032960982db611
Netartmedia PHP Real Estate Agency 4.0 SQL Injection
Posted Mar 20, 2019
Authored by Ahmet Umit Bayram

Netartmedia PHP Real Estate Agency version 4.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | af67e081cedb37797c4610f4e42e683b
Netartmedia PHP Business Directory 4.2 SQL Injection
Posted Mar 20, 2019
Authored by Ahmet Umit Bayram

Netartmedia PHP Business Directory version 4.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | b2cde847e46c06e67b09e17740991c7a
Netartmedia PHP Car Dealer SQL Injection
Posted Mar 20, 2019
Authored by Ahmet Umit Bayram

Netartmedia PHP Car Dealer suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 626471d185f7743ea6d1d0d22969577d
Netartmedia PHP Dating Site SQL Injection
Posted Mar 20, 2019
Authored by Ahmet Umit Bayram

Netartmedia PHP Dating Site suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | fc74b0b4420d434f328606b22a5104d8
Netartmedia PHP Mall 4.1 SQL Injection
Posted Mar 19, 2019
Authored by Ahmet Umit Bayram

Netartmedia PHP Mall version 4.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 137db9a66101e3096824f22d24d3c15c
PHP MySQLi Database Class 2.9.2 SQL Injection
Posted Mar 16, 2019
Authored by Jaroslav Lobacevski

PHP MySQLi Database Class version 2.9.2 which is from joshcam suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 91d10b8a3c32ac8a868953e610dcaa2f
Pegasus CMS 1.0 Remote Code Execution
Posted Mar 14, 2019
Authored by R3zk0n

Pegasus CMS version 1.0 suffers from a code execution vulnerability in extra_fields.php.

tags | exploit, php, code execution
MD5 | 07ac9145027e1934aaa3e9418e07c540
Ubuntu Security Notice USN-3902-2
Posted Mar 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3902-2 - USN-3902-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, php
systems | linux, ubuntu
advisories | CVE-2019-9020, CVE-2019-9021, CVE-2019-9023, CVE-2019-9024
MD5 | 65357e37cae18068e3e84434235d1e1f
Page 4 of 195
Back23456Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    2 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    16 Files
  • 13
    Feb 13th
    19 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close