This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.06 and below via shell metacharacters in the Event parameter at vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute commands on the system under the same privileges as the web application, which typically runs under root at the TerraMaster Operating System.
8935d1e9f61d6f9eb3550ec44e1a8a5d97992b91e55a7456ae2af009097db539PHP Live version 3.1 suffers from a cross site scripting vulnerability.
5afa26f53c21f0ac7a1f9a3408b7c32f583820f9a9ce76c738aacdbe5026646eGaanaGawaana Music Platform PHP Script version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
a82fb377371d1856a3f37cb5f375bdcdf4cec2a963adf0fc1fe40ca4153275e7Red Hat Security Advisory 2023-2903-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and integer overflow vulnerabilities.
14a0a9a8f5279ccadad2c5e3c17b877bba2ef4521d090aff2aef00472ba06ed5VOTAB Voting Quiz PHP Script version 1.0 suffers from a remote SQL injection vulnerability.
61047f833473fa5d13e8efb4584274bdf7b5963248818c4148cdc531ff24fd95VOTAB Voting Quiz PHP Script version 1.0 suffers from a cross site scripting vulnerability.
5fbbd195f12baae87919c60674abb2c62c66d9b889e811367d9e58a1cbe5dddbRed Hat Security Advisory 2023-2417-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and integer overflow vulnerabilities.
6f47e62ad0a97a6168bb8cbdb23c454b713421317ea8a4adaead022a0b590fdcJedox version 2022.4.2 has an information disclosure vulnerability in /be/rpc.php that allows remote authenticated users with the appropriate permissions to modify database connections to disclose the clear text credentials via the test connection function.
0d65954fe57317294bfe2c400f3db4b3623426f3c49974de9f8966129d23c3cdJedox version 2022.4.2 has a directory traversal vulnerability in /be/erpc.php allows remote authenticated users to execute arbitrary code.
c9cad2fb718763533c5af806ca3b6ce9f045e040593ca5a0ad42e98f36535634Jedox version 2022.4.2 has a vulnerability in /be/rpc.php and /be/erpc.php that allows remote authenticated users to load arbitrary PHP classes from the rtn directory and to execute its methods.
ccf211f35f6efc1e74056a425e818939d4b997eb3c43d2de782f50e9ba9d5712Ubuntu Security Notice 6053-1 - It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations.
6a4bbd5373aa5388a4619a7fee3c74e536d2083b1d61ae7672757b7e3093a77dPHP Restaurants version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass and a cross site scripting vulnerability. Original discovery of SQL injection in this version is attributed to Nefrit ID in February of 2022.
b586c653e892e2e9c9de6abf89736d9dfbba1db49179b4cfb8634d3641320419This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions are below 3.2.18, below 4.0.10, below 4.1.18 and below 4.2.1.
da36b42d35a291178bebac45397335e931352a6a022f64275dfb7fc469079f1fUbuntu Security Notice 6012-1 - It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue to execute arbitrary PHP code.
d4a2e4ff14756d2dbe327b2f069015fe32ec799abe564842f5bd692de8ea0a99This Metasploit module exploits an arbitrary file upload vulnerability and achieves remote code execution in the Monitorr application. Using a specially crafted request, custom PHP code can be uploaded and injected through endpoint upload.php because of missing input validation. Any user privileges can exploit this vulnerability and it results in access to the underlying operating system with the same privileges under which the web services run (typically user www-data). Monitorr versions 1.7.6m, 1.7.7d, and below are affected.
6c6d18b94bdb35bfe9807add78ec876cdeda11ffafe62ef4078fdeb348b08a51Ubuntu Security Notice 5956-1 - Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. It was discovered that PHPMailer was not properly escaping characters in certain fields of the code_generator.php example code. An attacker could possibly use this issue to conduct cross-site scripting attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
222714e4ee696b2603d69df38c77117f2e5b2027b932d6a069bca47f30bd053cUbuntu Security Notice 5947-1 - Fabien Potencier discovered that Twig was not properly enforcing sandbox policies when dealing with objects automatically cast to strings by PHP. An attacker could possibly use this issue to expose sensitive information. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Marlon Starkloff discovered that Twig was not properly enforcing closure constraints in some of its array filtering functions. An attacker could possibly use this issue to execute arbitrary code. This issue was only fixed in Ubuntu 20.04 ESM.
7a722306f91b4b68b54cf4c80bd0a21077ab7a7fe2101b19ae983b91763a9031This paper describes a vulnerability in several implementations of the Secure Hash Algorithm 3 (SHA-3) that have been released by its designers. The vulnerability has been present since the final-round update of Keccak was submitted to the National Institute of Standards and Technology (NIST) SHA-3 hash function competition in January 2011, and is present in the eXtended Keccak Code Package (XKCP) of the Keccak team. It affects all software projects that have integrated this code, such as the scripting languages Python and PHP Hypertext Preprocessor (PHP). The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (without any restrictions on values to be XORed and even far beyond the location of the original buffer), thereby making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective.
e5ce94c802fc96b96a37593074295283819a7abf859a04a1c1cbfcdb566dcdb1Ubuntu Security Notice 5905-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise data integrity. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
568ea4cc2d068c625914a2aca31e396f31df3ead8417e7cc93c9f33b2b47b9acUbuntu Security Notice 5902-1 - It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations. It was discovered that PHP incorrectly handled resolving long paths. A remote attacker could possibly use this issue to obtain or modify sensitive information. It was discovered that PHP incorrectly handled a large number of parts in HTTP form uploads. A remote attacker could possibly use this issue to cause PHP to consume resources, leading to a denial of service.
d6874c5afe37c2500fc7824d66b24af765e7c0d843c7aa5688092c11c7e428feOsprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the eventFileSelected HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts.
db0ca77f3b6262f047a41f704f1fbcabf469fa7d9140d8fddf64e48fc5dc7ab1Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the userName HTTP POST parameter called by index.php script.
36296eda1780ae0ac70f0164496b08fb374f20a8169546a905c771704b399ab9Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP POST parameter called by index.php script.
54e985965675a39585d65ec988986982607117a47b0151caf9326c6cb4e834f8Red Hat Security Advisory 2023-0965-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and integer overflow vulnerabilities.
21cc7adcd44f74a7b7d1f07e645c25db715969dc71fb46ce643d346bc354f014Debian Linux Security Advisory 5363-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service or incorrect validation of BCrypt hashes.
7ae7c33c3e28b6f24a8453dc72dcd9277d8782ff1546367e81b1eee017a28724
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed