PHP Files

Debian Security Advisory 4419-1
Posted Apr 1, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4419-1 - Fabien Potencier discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This could result in potential information disclosure.

tags | advisory, php, info disclosure
systems | linux, debian
advisories | CVE-2019-9942
MD5 | d00cef3c5e5b02edd0fc91a7aea7b3a8

Jettweb PHP Hazir Rent A Car Sitesi Scripti 2 SQL Injection
Posted Mar 29, 2019
Authored by Ahmet Umit Bayram

Jettweb PHP Hazir Rent A Car Sitesi Scripti version 2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 18f62a5e5ad9bc383565459c869d1942

CMS Made Simple (CMSMS) Showtime2 File Upload Remote Command Execution
Posted Mar 27, 2019
Authored by Daniele Scanu, Fabio Cogno | Site metasploit.com

This Metasploit module exploits a file upload vulnerability that allows for remote command execution in Showtime2 module versions 3.6.2 and below in CMS Made Simple (CMSMS). An authenticated user with "Use Showtime2" privilege could exploit the vulnerability. The vulnerability exists in the Showtime2 module, where the class "class.showtime2_image.php" does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). Tested on Showtime2 3.6.2, 3.6.1, 3.6.0, 3.5.4, 3.5.3, 3.5.2, 3.5.1, 3.5.0, 3.4.5, 3.4.3, 3.4.2 on CMS Made Simple (CMSMS) 2.2.9.1.

tags | exploit, remote, php, file upload
advisories | CVE-2019-9692
MD5 | 34616f7d15896f8238efb1b0c1d26897

Jettweb Php Hazir ilan Sitesi Scripti 2 SQL Injection
Posted Mar 27, 2019
Authored by Ahmet Umit Bayram

Jettweb Php Hazir ilan Sitesi Scripti version 2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 998fc2a9a635b104966962276fba0d47

Ubuntu Security Notice USN-3922-1
Posted Mar 27, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3922-1 - It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.

tags | advisory, php
systems | linux, ubuntu
advisories | CVE-2019-9637, CVE-2019-9641
MD5 | 796c0ad1032cbc8b0b5cd75fa6219458

Jettweb PHP Hazir Haber Sitesi Scripti 3 SQL Injection
Posted Mar 25, 2019
Authored by Ahmet Umit Bayram

Jettweb PHP Hazir Haber Sitesi Scripti version 3 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, sql injection
MD5 | a5b2b09c5dcfafe9d282db68a4f79a82

Jettweb PHP Hazir Haber Sitesi Scripti 2 SQL Injection
Posted Mar 25, 2019
Authored by Ahmet Umit Bayram

Jettweb PHP Hazir Haber Sitesi Scripti version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
MD5 | 7495e318e12ad1e5e7d4432943fe1939

Jettweb PHP Hazir Haber Sitesi Scripti 1 SQL Injection
Posted Mar 24, 2019
Authored by Ahmet Umit Bayram

Jettweb PHP Hazir Haber Sitesi Scripti version 1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, sql injection
MD5 | e15b33c8cd003dde94032960982db611

Netartmedia PHP Real Estate Agency 4.0 SQL Injection
Posted Mar 20, 2019
Authored by Ahmet Umit Bayram

Netartmedia PHP Real Estate Agency version 4.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | af67e081cedb37797c4610f4e42e683b

Netartmedia PHP Business Directory 4.2 SQL Injection
Posted Mar 20, 2019
Authored by Ahmet Umit Bayram

Netartmedia PHP Business Directory version 4.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | b2cde847e46c06e67b09e17740991c7a

Netartmedia PHP Car Dealer SQL Injection
Posted Mar 20, 2019
Authored by Ahmet Umit Bayram

Netartmedia PHP Car Dealer suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 626471d185f7743ea6d1d0d22969577d

Netartmedia PHP Dating Site SQL Injection
Posted Mar 20, 2019
Authored by Ahmet Umit Bayram

Netartmedia PHP Dating Site suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | fc74b0b4420d434f328606b22a5104d8

Netartmedia PHP Mall 4.1 SQL Injection
Posted Mar 19, 2019
Authored by Ahmet Umit Bayram

Netartmedia PHP Mall version 4.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 137db9a66101e3096824f22d24d3c15c

PHP MySQLi Database Class 2.9.2 SQL Injection
Posted Mar 16, 2019
Authored by Jaroslav Lobacevski

PHP MySQLi Database Class version 2.9.2, from joshcam, suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 91d10b8a3c32ac8a868953e610dcaa2f

Pegasus CMS 1.0 Remote Code Execution
Posted Mar 14, 2019
Authored by R3zk0n

Pegasus CMS version 1.0 suffers from a code execution vulnerability in extra_fields.php.

tags | exploit, php, code execution
MD5 | 07ac9145027e1934aaa3e9418e07c540

Ubuntu Security Notice USN-3902-2
Posted Mar 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3902-2 - USN-3902-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, php
systems | linux, ubuntu
advisories | CVE-2019-9020, CVE-2019-9021, CVE-2019-9023, CVE-2019-9024
MD5 | 65357e37cae18068e3e84434235d1e1f

elFinder PHP Connector exiftran Command Injection
Posted Mar 12, 2019
Authored by Brendan Coles, Thomas Chauchefoin, q3rv0 | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is not validated, allowing shell metacharacters. When performing image operations on JPEG files, the filename is passed to the exiftran utility without appropriate sanitization, causing shell commands in the file name to be executed, resulting in remote command injection as the web server user. The PHP connector is not enabled by default. The system must have exiftran installed and in the PATH. This module has been tested successfully on elFinder versions 2.1.47, 2.1.20, and 2.1.16 on Ubuntu.

tags | exploit, remote, web, shell, php
systems | linux, ubuntu
MD5 | 3664569f65ef2128717bd5e02f29d7b4

Debian Security Advisory 4403-1
Posted Mar 8, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4403-1 - Multiple security issues were found in PHP, a widely-used open source of invalid memory access and rename() was implemented insecurely.

tags | advisory, php
systems | linux, debian
MD5 | 512d17d8b9ec07892087caa22453d92f

QNAP TS-431 QTS Remote Command Execution
Posted Mar 7, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module creates a virtual web server and uploads the PHP payload into it. Admin privileges cannot access any server files except File Station files. A user who is authorized to create a Virtual Web Server can upload a malicious PHP file by activating the server. The exploit creates a new directory in File Station to connect to the web server. However, only the "index.php" file is allowed to work in the virtual web server directory. No files can be executed except "index.php"; any other file gives an access error. After the harmful "index.php" has been uploaded, the shell can be retrieved from the server. There is also the possibility of it working in higher versions. Affects versions prior to 4.2.2.

tags | exploit, web, shell, php
MD5 | a35108ec28d9740153245bbe67cbb79a

Ubuntu Security Notice USN-3902-1
Posted Mar 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3902-1 - It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. It was discovered that the PHP PHAR module incorrectly handled certain filenames. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. It was discovered that PHP incorrectly parsed certain DNS responses. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, php
systems | linux, ubuntu
advisories | CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023, CVE-2019-9024
MD5 | 9715d43e4e828f788c824aa665b39b95

Drupal RESTful Web Services unserialize() Remote Code Execution
Posted Mar 6, 2019
Authored by wvu, Charles FOL, Jasper Mattsson, Rotem Reiss | Site metasploit.com

This Metasploit module exploits a PHP unserialize() vulnerability in Drupal RESTful Web Services by sending a crafted request to the /node REST endpoint. As per SA-CORE-2019-003, the initial remediation was to disable POST, PATCH, and PUT, but Ambionics discovered that GET was also vulnerable (albeit cached). Cached nodes can be exploited only once.

tags | exploit, web, php
advisories | CVE-2019-6340
MD5 | 5c6af19bb75128b9a4e43d8fb069214c

OpenDocMan 1.3.4 SQL Injection
Posted Mar 5, 2019
Authored by Mehmet Emiroglu

OpenDocMan version 1.3.4 suffers from a remote SQL injection vulnerability in search.php.

tags | exploit, remote, php, sql injection
MD5 | 712535d01e32bd5c701160844148394d

Booked Scheduler 2.7.5 Remote Command Execution
Posted Mar 5, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Booked 2.7.5. In the "Look and Feel" section of the management panel, you can modify the Logo, Favicon, and CSS files. The upload sections have file extension control, except for the favicon part. You can upload a file with any extension you want through the Favicon field. The file you upload is written to the main directory of the site under the name "custom-favicon". After you upload the PHP payload to the main directory, the exploit executes the payload and receives a shell.

tags | exploit, shell, php, file upload
MD5 | d99806184924b3c9ff46a07a219526b9

elFinder 2.1.47 Command Injection
Posted Mar 5, 2019
Authored by q3rv0

elFinder versions 2.1.47 and below suffer from a command injection vulnerability in the PHP connector.

tags | exploit, php
advisories | CVE-2019-9194
MD5 | 3d96dc64d2bfb5653afc37faeaeccf4b

Debian Security Advisory 4401-1
Posted Mar 1, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4401-1 - Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform various Cross-Site Scripting (XSS) and PHP injection attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial of service by application crash.

tags | advisory, remote, web, php, vulnerability
systems | linux, debian
advisories | CVE-2018-20147, CVE-2018-20148, CVE-2018-20149, CVE-2018-20150, CVE-2018-20151, CVE-2018-20152, CVE-2018-20153, CVE-2019-8942
MD5 | 05b43b33e20c2931702e4ba73c03a7c2