Twenty Year Anniversary
Showing 76 - 100 of 4,721 RSS Feed

PHP Files

VideoDuo 3.1 Cross Site Scripting
Posted Jan 6, 2018
Authored by ShanoWeb

VideoDuo Video Search Engine PHP script version 3.1 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | e2d8339c00f2cea48ab6ead24eb86774
User Login And Management PHP Script 1.0 Cross Site Scripting
Posted Jan 6, 2018
Authored by ShanoWeb

User Login and Management PHP script version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | 9f3805e263066c1dcd3932c12974fdae
b2evolution CMS 6.8.10 PHP Code Execution
Posted Jan 3, 2018
Authored by Anti Rais

b2evolution CMS versions 6.6.0 through 6.8.10 suffer from a php code execution vulnerability.

tags | exploit, php, code execution
advisories | CVE-2017-1000423
MD5 | 2ca4c469ed9373d047c433e8983b7855
PHP Melody 2.7.1 SQL Injection
Posted Dec 31, 2017
Authored by Ahmad Mahfouz

PHP Melody version 2.7.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 7397857681410133de87923b564c1da0
Chatting System PHP Ajax MySQL JavaScript 1.0 Shell Upload
Posted Dec 31, 2017
Authored by ShanoWeb

Chatting System PHP Ajax MySQL JavaScript version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, php, javascript
MD5 | 6965ee7b894ef707384f83dda4e6dd4a
Chatting System PHP Ajax MySQL JavaScript 1.0 Cross Site Scripting
Posted Dec 31, 2017
Authored by ShanoWeb

Chatting System PHP Ajax MySQL JavaScript version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, javascript, xss
MD5 | 8080ac0081699a839acf51f994db6389
pfSense 2.1.3-RELEASE (amd64) Remote Command Execution
Posted Dec 28, 2017
Authored by wetw0rk, Jared Stephens | Site metasploit.com

pfSense, a free BSD based open source firewall distribution, versions 2.2.6 and below contain a remote command execution vulnerability post authentication in the _rrd_graph_img.php page. The vulnerability occurs via the graph GET parameter. A non-administrative authenticated attacker can inject arbitrary operating system commands and execute them as the root user. Verified against 2.1.3.

tags | exploit, remote, arbitrary, root, php
systems | bsd
MD5 | 9e31715f8e4cf15c616cd81794fa4e26
GoodTravel Travel And Locations 1.0 Cross Site Scripting
Posted Dec 28, 2017
Authored by ShanoWeb

GoodTravel Travel and Locations PHP script and mobile application version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | c2a461b1002f9b29d0789f75b5b9c583
PHP Web Stat 4.5.03 Backdoor Account
Posted Dec 27, 2017
Authored by indoushka

PHP Web Stat version 4.5.03 has a backdoor admin account with a password of admin.

tags | exploit, web, php
MD5 | 9436443a2953d5eded423dda77700b78
PHP Web Stat 4.5.03 Cross Site Scripting
Posted Dec 27, 2017
Authored by indoushka

PHP Web Stat version 4.5.03 suffers from a cross site scripting vulnerability.

tags | exploit, web, php, xss
MD5 | 51622091cd9294b6f4a4bd8ea3c5c88f
PHP Web Stat 4.5.03 Database Disclosure
Posted Dec 27, 2017
Authored by indoushka

PHP Web Stat version 4.5.03 suffers from a database backup disclosure vulnerability.

tags | exploit, web, php, info disclosure
MD5 | d6db1db63c85e5f36ae5a115ae861aa8
PHP Web Stat 4.x.x Information Disclosure
Posted Dec 27, 2017
Authored by indoushka

PHP Web Stats versions 4.x.x suffers from an information disclosure vulnerability.

tags | exploit, web, php, info disclosure
MD5 | ff34e66846fe9d67c26d9fc933a4df8c
News PHP 1.031 SQL Injection
Posted Dec 24, 2017
Authored by indoushka

News PHP version 1.031 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 90590b5eba822a955be805b62b4b2633
Tuleap 9.6 Second-Order PHP Object Injection
Posted Dec 19, 2017
Authored by EgiX | Site metasploit.com

This Metasploit module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to execute arbitrary PHP code with the permissions of the webserver. The vulnerability exists because of the User::getRecentElements() method is using the unserialize() function with data that can be arbitrarily manipulated by a user through the REST API interface. The exploit's POP chain abuses the __toString() method from the Mustache class to reach a call to eval() in the Transition_PostActionSubFactory::fetchPostActions() method.

tags | exploit, arbitrary, php
advisories | CVE-2017-7411
MD5 | bf85aad5adfa9342783213505d464d8c
Ubuntu Security Notice USN-3382-2
Posted Dec 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3382-2 - USN-3382-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. Various other issues were also addressed.

tags | advisory, remote, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10397, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11147, CVE-2017-11628, CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229
MD5 | 7269132db23a11adac8f0ac74885aade
Western Digital MyCloud multi_uploadify File Upload
Posted Dec 15, 2017
Authored by Zenofex | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.

tags | exploit, web, arbitrary, shell, root, php, code execution, file upload
advisories | CVE-2017-17560
MD5 | 1f47f80c45cf9163168bba8d9d9e5883
Readymade PHP Classified Script 3.3 SQL Injection
Posted Dec 12, 2017
Authored by Ihsan Sencan

Readymade PHP Classified Script version 3.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | ff601d40c0e73cf304417ade35dbe3a3
PHP Multivendor Ecommerce 1.0 SQL Injection
Posted Dec 12, 2017
Authored by Ihsan Sencan

PHP Multivendor Ecommerce version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 4c1505636b9d9e86b207e2687713d3cd
DomainSale PHP Script 1.0 SQL Injection
Posted Dec 8, 2017
Authored by Ihsan Sencan

DomainSale PHP Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | a56a1dda75e54598cd5a61f9e56fd517
pfSense 2.3.1_1 Remote Command Execution
Posted Nov 28, 2017
Authored by h00die, s4squatch

pfSense versions 2.3.1_1 and below contain a remote command execution vulnerability post authentication in the system_groupmanager.php page.

tags | exploit, remote, php
MD5 | e31f1a0a55167ae457e32b3a771f6c12
Gentoo Linux Security Advisory 201711-15
Posted Nov 20, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201711-15 - A vulnerability was discovered in PHPUnit which may allow an unauthenticated remote attacker to execute arbitrary PHP code. Versions less than 5.7.15-r1 are affected.

tags | advisory, remote, arbitrary, php
systems | linux, gentoo
advisories | CVE-2017-9841
MD5 | 3efd28186a638dcc6acc88c4c14ce3c5
Red Hat Security Advisory 2017-3221-01
Posted Nov 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3221-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application.

tags | advisory, remote, web, denial of service, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2016-10167, CVE-2016-10168
MD5 | 2650f0d1afa1fd9360d227fd6867d136
WordPress WP Mobile Detector 3.5 Shell Upload
Posted Nov 3, 2017
Authored by h00die, Aaditya Purani | Site metasploit.com

WP Mobile Detector Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-content/plugins/wp-mobile-detector/resize.php script does contains a remote file include for files not cached by the system already. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server.

tags | exploit, remote, web, arbitrary, php
MD5 | 1d01dc001a0e9ab61957d22e50f28f0c
AROX School ERP PHP Script SQL Injection
Posted Nov 2, 2017
Authored by Ihsan Sencan

AROX School ERP PHP Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
advisories | CVE-2017-15978
MD5 | 358add815952626c233d8974647c8a64
Nice PHP FAQ Script SQL Injection
Posted Nov 2, 2017
Authored by Ihsan Sencan

Nice PHP FAQ Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
advisories | CVE-2017-15988
MD5 | b4185cf54601d59702e05dc954376f11
Page 4 of 189
Back23456Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    18 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close