Exploit the possiblities
Showing 76 - 100 of 4,663 RSS Feed

PHP Files

Xavier 2.4 SQL Injection
Posted Jun 7, 2017
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Xavier PHP Login Script and User Management Admin Panel version 2.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 1da452202b8527a25808c6c827c89575
IBM Informix Dynamic Server DLL Injection / Code Execution
Posted May 31, 2017
Site securiteam.com

IBM Informix Dynamic Server suffers from dll injection, PHP code injection, and heap buffer overflow vulnerabilities.

tags | exploit, overflow, php, vulnerability
advisories | CVE-2016-2183, CVE-2017-1092
MD5 | acf1047cf6ec465e6ff49df652940fd6
MediaWiki SyntaxHighlight Extension Option Injection
Posted May 20, 2017
Authored by Yorick Koster | Site metasploit.com

This Metasploit module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create and execute a PHP file in the document root. The USERNAME and PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki installation with SyntaxHighlight version 2.0 installed and enabled. This extension ships with the AIO package of MediaWiki version 1.27.x and 1.28.x. A fix for this issue is included in MediaWiki version 1.28.2 and version 1.27.3.

tags | exploit, root, php
advisories | CVE-2017-0372
MD5 | 1b15a640f92c98f62fa52a0340553730
Google API PHP Client 2.1.3 Cross Site Scripting
Posted May 12, 2017
Authored by Leon Juranic, DefenseCode

google-api-php-client versions 2.1.3 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
MD5 | 01570bb024997801f85e3290dadda5ef
BanManager WebUI 1.5.8 Code Injection / Cross Site Scripting
Posted May 11, 2017
Authored by HaHwul

BanManager WebUI version 1.5.8 suffers from PHP code injection and cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
MD5 | 9be975678becc6c229ea7ef576b4a2ff
Crypttech CryptoLog Remote Code Execution
Posted May 6, 2017
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits the sql injection and command injection vulnerability of CryptoLog. An un-authenticated user can execute a terminal command under the context of the web user. login.php endpoint is responsible for login process. One of the user supplied parameter is used by the application without input validation and parameter binding. Which cause a sql injection vulnerability. Successfully exploitation of this vulnerability gives us the valid session. logshares_ajax.php endpoint is responsible for executing an operation system command. It's not possible to access this endpoint without having a valid session. One user parameter is used by the application while executing operating system command which cause a command injection issue. Combining these vulnerabilities gives us opportunity execute operation system command under the context of the web user.

tags | exploit, web, php, vulnerability, sql injection
MD5 | def1cf31ae496fb40d65c478545ef605
SyntaxHighlight 2.0 MediaWiki 1.28.0 Stored Cross Site Scripting
Posted Apr 29, 2017
Authored by Yorick Koster, Securify B.V.

A vulnerability was found in the SyntaxHighlight MediaWiki extension. Using this vulnerability it is possible for an anonymous attacker to pass arbitrary options to the Pygments library. By specifying specially crafted options, it is possible for an attacker to trigger a (stored) cross site scripting condition. In addition, it allows the creating of arbitrary files containing user-controllable data. Depending on the server configuration, this can be used by an anonymous attacker to execute arbitrary PHP code. This issue was tested on SyntaxHighlight version 2.0 as bundled with MediaWiki version 1.28.0.

tags | exploit, arbitrary, php, xss
advisories | CVE-2017-0372
MD5 | c2f465d0fafdbcf4b9a63fb413f084f5
PHP 7.1.2 fsockopen Misbehavior
Posted Apr 3, 2017
Authored by Fikri Fadzil | Site sec-consult.com

PHP version 7.1.2 suffers from an incorrect behavior with fsockopen.

tags | exploit, php
MD5 | 13ada8d30286301511583f7ca95b33ce
DzSoft PHP Editor 4.2.7 File Enumeration
Posted Mar 27, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

DzSoft PHP Editor version 4.2.7 suffers from a file enumeration vulnerability.

tags | exploit, php
MD5 | 01da8ee53f1911e1330446599d359f0c
PHP Real Estate Property Script SQL Injection
Posted Mar 26, 2017
Authored by Ihsan Sencan

PHP Real Estate Property Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 3d67dc50b3ad8d1fba3124ac069f34f6
PHP Forum Script 3.0 SQL Injection
Posted Mar 12, 2017
Authored by Ihsan Sencan

PHP Forum Script version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 450718e194d8388aaf31ee678c02e00b
PHP Entrepreneur 1.2 SQL Injection
Posted Mar 9, 2017
Authored by Bilal Kardadou

PHP Entrepreneur script version 1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | ddfe2ee84fd9b4ef6582fae4efe60afc
PHP Classifieds Rental Script 3.6.0 SQL Injection
Posted Mar 6, 2017
Authored by Ihsan Sencan

PHP Classifieds Rental script version 3.6.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 9e1b2fe38a8d425c65134a8294faf863
PHP B2B Script 3.05 SQL Injection
Posted Mar 6, 2017
Authored by Ihsan Sencan

PHP B2B script version 3.05 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 36f13af55aaae34f0c1d086605c3f71d
WordPress Username Enumeration
Posted Mar 3, 2017
Authored by Dctor

Simple PHP proof of concept exploit that demonstrates username enumeration in WordPress versions prior to 4.7.1.

tags | exploit, php, proof of concept
advisories | CVE-2017-5487
MD5 | c466685d3f06c12ee2ebd82a5c061d89
WordPress Simple Ads Manager 2.9.8.125 PHP Object Injection
Posted Mar 3, 2017
Authored by Yorick Koster, Securify B.V.

WordPress Simple Ads Manager plugin version 2.9.8.125 suffers from a PHP object injection vulnerability.

tags | exploit, php
MD5 | d7391c18f04b169df0122e11b1c3dec8
Ubuntu Security Notice USN-3211-2
Posted Mar 2, 2017
Authored by Ubuntu | Site security.ubuntu.com

buntu Security Notice 3211-2 - USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15 upstream release. PHP 7.0.15 introduced a regression when using MySQL with large blobs. This update fixes the problem with a backported fix. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php, vulnerability
advisories | CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-10162, CVE-2016-7479, CVE-2016-9137, CVE-2016-9935, CVE-2016-9936, CVE-2017-5340
MD5 | 7ce6a856c68f82a64ec200d01585c249
PHP Classified OLX Clone Script SQL Injection
Posted Mar 2, 2017
Authored by Ihsan Sencan

PHP Classified OLX Clone Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | de1bc4720fc1717b7fa1f9ac7f669194
WordPress Analytics Stats Counter Statistics 1.2.2.5 PHP Object Injection
Posted Mar 1, 2017
Authored by Yorick Koster, Securify B.V.

WordPress Analytics Stats Counter Statistics plugin version 1.2.2.5 suffers from a PHP object injection vulnerability.

tags | advisory, php
MD5 | 91725ba3f4733fa4edc420ef97e32a71
AlienVault OSSIM/USM Remote Code Execution
Posted Feb 25, 2017
Authored by Mehmet Ince, Peter Lapp | Site metasploit.com

This Metasploit module exploits object injection, authentication bypass and ip spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing authentication bypass issue on gauge.php lead adversaries to exploit object injection vulnerability which leads to SQL injection attack that leaks an administrator session token. Attackers can create a rogue action and policy that enables to execute operating system commands by using captured session token. As a final step, SSH login attempt with a invalid credentials can trigger a created rogue policy which triggers an action that executes operating system command with root user privileges. This Metasploit module was tested against following product and versions: AlienVault USM 5.3.0, 5.2.5, 5.0.0, 4.15.11, 4.5.0 AlienVault OSSIM 5.0.0, 4.6.1

tags | exploit, arbitrary, root, spoof, php, vulnerability, sql injection
MD5 | c403c0d00272c2fb94d0906435878b17
EasyCom AS400 PHP API Buffer Overflow
Posted Feb 24, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

The EasyCom AS400 (iBMI) PHP API suffers from a buffer overflow vulnerability.

tags | exploit, overflow, php
advisories | CVE-2017-5358
MD5 | 8bac9a148fdc87f189881b33bba0ac27
Ubuntu Security Notice USN-3211-1
Posted Feb 23, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3211-1 - It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-10162, CVE-2016-7479, CVE-2016-9137, CVE-2016-9935, CVE-2016-9936, CVE-2017-5340
MD5 | 2bee79edbf2c54e0838901347551e7bf
Gentoo Linux Security Advisory 201702-29
Posted Feb 21, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-29 - Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution or cause a Denial of Service condition. Versions less than 5.6.30 are affected.

tags | advisory, denial of service, arbitrary, php, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-9935
MD5 | 285dea360f0016eb3a446ad5ace4117c
Ubuntu Security Notice USN-3196-1
Posted Feb 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3196-1 - It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2014-9912, CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-7478, CVE-2016-7479, CVE-2016-9137, CVE-2016-9934, CVE-2016-9935
MD5 | 69a7b30a12903bddf2a081c55b9ac6e7
PHP Marketplace Script SQL Injection
Posted Feb 14, 2017
Authored by Yunus YILDIRIM

PHP Marketplace Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 8c3427c63ba9ac814a8206bad830ac00
Page 4 of 187
Back23456Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    16 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    16 Files
  • 23
    Feb 23rd
    31 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close