phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
46f778fd23af1e4e604d32a71ab007e759502445aee2fac99855d70658df179cTikiWiki contains a flaw that may allow a malicious user to execute arbitrary PHP code. The issue is triggered due to the jhot.php script not correctly verifying uploaded files. It is possible that the flaw may allow arbitrary PHP code execution by uploading a malicious PHP script resulting in a loss of integrity. The vulnerability has been reported in Tikiwiki version 1.9.4.
f7850ab13f084ee0399ccaa4266f25beedbf677492fc535ebf17997b1756a1ceTikiWiki versions 1.9.8 and below contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'tiki-graph_formula.php' script not properly sanitizing user input supplied to the f variable, which may allow a remote attacker to execute arbitrary PHP commands resulting in a loss of integrity.
2c4a8a6e81f67352e72024e2f545f7d1ae145048bf376afb7ae97d09bf473fe9This Metasploit module combines three separate issues within The Simple PHP Blog (versions 0.4.0 and below) application to upload arbitrary data and thus execute a shell. The first vulnerability exposes the hash file (password.txt) to unauthenticated users. The second vulnerability lies within the image upload system provided to logged-in users; there is no image validation function in the blogger to prevent an authenticated user from uploading any file type. The third vulnerability occurs within the blog comment functionality, allowing arbitrary files to be deleted.
50264a6496c4736a34367e584387b0458ab475eb594ae22a834552e36308bb11RedTeam has identified two security flaws in PAJAX versions 0.5.1 and below. It is possible to execute arbitrary PHP code from unchecked user input. Additionally, it is possible to include arbitrary files on the server ending in ".class.php".
223f89066530be65e8100cf31774da9860ea9f254965c65c5bc52ade6f7acfacThis Metasploit module exploits an arbitrary command execution vulnerability in the AWStats CGI script. iDEFENSE has confirmed that AWStats versions 6.1 and 6.2 are vulnerable.
c7fdffbbd0281a931ef1b75a62465cf757ccbfbbe17fe89aeaf55cb24d294f22googlegath is a free open source utility to obtain informations through Google searches. It could be useful for penetration testing, security scanning, etc. googlegath has been tested on GNU/Linux, *BSD systems.
e754e380fcd9e0ba64eeb22cf691c7a8ed0da8b395cb718921623b3649666ab1snmpcheck is a free open source utility to get information via SNMP protocols. It works fine against Windows, Linux, Cisco, HP-UX, SunOS systems and any devices with SNMP protocol support. It could be useful for penetration testing or systems monitoring. snmpcheck has been tested on GNU/Linux, *BSD and Windows (Cygwin) systems.
d761829bf0e54681d7f7286dc9fdb8136fc370c218b85024b7c22a2e209970casnmpcheck is a tool to get information via SNMP protocols for Windows, Linux, Cisco, HP-UX and SunOS platforms. Tested on GNU/Linux, *BSD and Windows (Cygwin and ActivePerl) systems. Distributed under the GPL license and based on Athena-2k script by jshaw.
d41ac4459a12ff293160ae66984f94115d1ebd6f8943ec46db4edaf82ce8645bsnmpcheck is a tool to get information via SNMP protocols for Windows, Linux, Cisco, HP-UX and SunOS platforms. Tested on GNU/Linux, *BSD and Windows (Cygwin and ActivePerl) systems. Distributed under the GPL license and based on Athena-2k script by jshaw.
25c63b6755c36fdf3b9fd075352226e2368d0f4fcbea0ae0928677e9eb11db10snmpcheck is a tool to get information via SNMP protocols for Windows, Linux, Cisco, HP-UX and SunOS platforms. Tested on GNU/Linux, *BSD and Windows (Cygwin and ActivePerl) systems. Distributed under the GPL license and based on Athena-2k script by jshaw.
b2fe0fd3cd85760db76dcb3582fe0a41491f75110f42b65de418ede033916f9d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed