AzDGDatingMedium version 1.9.3 suffers from cross site request forgery, cross site scripting, php code execution, remote SQL injection, and directory traversal vulnerabilities.
6962b986c26730e365d1c16552cababaPHP List version 2.10.9 suffers from a remote PHP code injection vulnerability.
0242d7481f2a7870b00218bc4efd3a7dSmall CMS suffers from a remote PHP code injection vulnerability.
cc559ce5b66ce07d448792573d28d86dThis Metasploit module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution.
8dc19f398388284a81cf2ecae5005436This Metasploit module exploits a vulnerability found in Dorn Content Management Script (CMS), version 1.4. By abusing the add_page.php file, the attacker can upload/add a new file (.php) to the /cms/pages/ directory without any authentication, which results in arbitrary code execution.
c93d65487a1c0efc12fc9a8a68adc5dbThis Metasploit module exploits a vulnerability found in appRain's Content Management Framework (CMF), version 0.1.5 or less. By abusing the uploadify.php file, a malicious user can upload a file to the uploads/ directory without any authentication, which results in arbitrary code execution.
326c66024ed2135e3da4e6dab3059464This is a php script called Private Cpanel Cracker. It takes in a site list and a word list.
aa74ed58f8739816bef57faece954e6aPHP CGI argument injection remote exploit version 0.3. Works on versions up to 5.3.12 and 5.4.2.
7a182a7ad0b0512c4db7048ff2aba1dbThis Metasploit module exploits an arbitrary code injection vulnerability in the chat module that is part of Active Collab by abusing a preg_replace() using the /e modifier and its replacement string using double quotes. The vulnerable function can be found in activecollab/application/modules/chat/functions/html_to_text.php.
bb5dd6f386c14e61316d4ebca6557bffPHP versions 5.4.3 and below com_event_sink denial of service exploit.
5b05572ceaf9d5324b57ac3cef1677cfphAlbum PHP Gallery Script suffers from a cross site scripting vulnerability.
eb9b5b5cd4543d0f269229d8ebd25c76PHP versions 5.4.3 and below wddx_serialize_* / stream_bucket_* variant object null pointer dereference exploit.
4ce29097139abdfd12ac0b8226bd1ad8PHP version 5.4.3 code execution exploit for Win32.
bf7b4442cabfaf14771396d43b041e28Secunia Security Advisory - Multiple vulnerabilities have been discovered in PHP-addressbook, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
e2a81d75b1fe4177d2d8d7697b297adeWebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found. After a scan is complete, a detailed PDF report is emailed to the user. The report includes descriptions of the vulnerabilities found, recommendations and details of where and how each vulnerability was exploited.
344eece8b692a4f6c7159ef0b264d1ceGalette versions prior to 0.7.x are vulnerable to a remote SQL injection vulnerability in picture.php.
6befda2acedc55012ccdd21e8decc118XCat is a PHP web interface for scanning sites mined through bing.com.
b29a519ffbe6b5661f3cabe4fabbb421This Metasploit module exploits a vulnerability found in WikkaWiki. When the spam logging feature is enabled, it is possible to inject PHP code into the spam log file via the UserAgent header, and then request it to execute our payload. There are at least three different ways to trigger spam protection, this module does so by generating 10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6). Please note that in order to use the injection, you must manually pick a page first that allows you to add a comment, and then set it as 'PAGE'.
aff0f7b9f5cfd47509018a345f9d31f5Red Hat Security Advisory 2012-0570-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.
389ac7e915aacd5b11e598fba17e61a7Red Hat Security Advisory 2012-0569-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.
e7567837bdd1ff344dc07ce19e08acfaRed Hat Security Advisory 2012-0568-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts.
efd6d14bc667a4cbc3fd9abaa8b23cb9Mandriva Linux Security Advisory 2012-071 - This is a bugfix and security advisory that upgrades php to the latest 5.3.13 version for Mandriva Linux Enterprise 5.2 which resolves numerous upstream bugs in php.
f031e64124033b6bfd062d5ee8bdec36Mandriva Linux Security Advisory 2012-068 - PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server. It was discovered that the previous fix for the CVE-2012-1823 vulnerability was incomplete. The updated packages provides the latest version which provides a solution to this flaw.
fbd30f892746721e8d3bfa72c142a844Debian Linux Security Advisory 2465-1 - De Eindbazen discovered that PHP, when run with mod_cgi, will interpret a query string as command line parameters, allowing to execute arbitrary code.
faa20fcb2043b9926e17d34171ea8391PHP Enter suffers from a code execution vulnerability.
242069190d427ac6e484690cd16bc06d
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed