-
PHP Files ≈ Packet Storm
Apr 30, 2024 | 15:52 pm
Ubuntu Security Notice 6757-1 - It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.[…]
Read more...
-
PHP Files ≈ Packet Storm
Apr 22, 2024 | 23:02 pm
LRMS PHP version 1.0 suffers from remote shell upload and multiple remote SQL injection vulnerabilities.
Read more...
-
PHP Files ≈ Packet Storm
Apr 16, 2024 | 14:12 pm
Debian Linux Security Advisory 5661-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.
Read more...
-
PHP Files ≈ Packet Storm
Apr 16, 2024 | 14:10 pm
Debian Linux Security Advisory 5660-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.
Read more...
-
PHP Files ≈ Packet Storm
Apr 11, 2024 | 14:04 pm
GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution.
Read more...
-
PHP Files ≈ Packet Storm
Apr 8, 2024 | 14:08 pm
Invision Community versions 4.7.16 and below suffer from a remote code execution vulnerability in toolbar.php.
Read more...
-
PHP Files ≈ Packet Storm
Apr 8, 2024 | 14:06 pm
Invision Community versions 4.4.0 through 4.7.15 suffer from a remote SQL injection vulnerability in store.php.
Read more...
-
PHP Files ≈ Packet Storm
Apr 5, 2024 | 18:14 pm
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in racer-results.php.
Read more...
-
PHP Files ≈ Packet Storm
Apr 5, 2024 | 18:11 pm
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo-thumbs.php.
Read more...
-
PHP Files ≈ Packet Storm
Apr 5, 2024 | 18:10 pm
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in checkin.php.
Read more...
-
PHP Files ≈ Packet Storm
Apr 5, 2024 | 18:09 pm
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo.php.
Read more...
-
PHP Files ≈ Packet Storm
Apr 5, 2024 | 18:07 pm
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in render-document.php.
Read more...
-
PHP Files ≈ Packet Storm
Apr 5, 2024 | 17:58 pm
A remote code execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it allows remote code execution, adversaries[…]
Read more...
-
PHP Files ≈ Packet Storm
Apr 2, 2024 | 18:52 pm
Ubuntu Security Notice 6720-1 - Kentaro Kawane discovered that Cacti incorrectly handled user provided input sent through request parameters to the graph_view.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks.
Read more...
-
PHP Files ≈ Packet Storm
Apr 2, 2024 | 18:33 pm
Online Hotel Booking in PHP version 1.0 suffers from a remote blind SQL injection vulnerability.
Read more...
-
PHP Files ≈ Packet Storm
Mar 28, 2024 | 14:18 pm
LMS PHP version 1.0 suffers from a remote SQL injection vulnerability.
Read more...
-
PHP Files ≈ Packet Storm
Mar 27, 2024 | 14:49 pm
This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit[…]
Read more...
-
PHP Files ≈ Packet Storm
Mar 27, 2024 | 14:48 pm
A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and[…]
Read more...
-
PHP Files ≈ Packet Storm
Mar 26, 2024 | 14:22 pm
Insurance Management System PHP and MySQL version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
Read more...
-
PHP Files ≈ Packet Storm
Mar 21, 2024 | 14:29 pm
Debian Linux Security Advisory 5642-1 - Three security issues were discovered in php-svg-lib, a PHP library to read, parse and export to PDF SVG files, which could result in denial of service, restriction bypass or the execution of arbitrary code.
Read more...
-
PHP Files ≈ Packet Storm
Mar 19, 2024 | 15:00 pm
Gibbon LMS version 26.0.00 suffers from a PHP deserialization vulnerability that allows for authenticated remote code execution.
Read more...
-
PHP Files ≈ Packet Storm
Mar 15, 2024 | 14:58 pm
Debian Linux Security Advisory 5632-1 - It was discovered that composer, a dependency manager for the PHP language, processed files in the local working directory. This could lead to local privilege escalation or malicious code execution. Due to a technical[…]
Read more...
-
PHP Files ≈ Packet Storm
Mar 13, 2024 | 15:11 pm
MSMS-PHP version 1.0 suffers from a remote shell upload vulnerability.
Read more...
-
PHP Files ≈ Packet Storm
Mar 13, 2024 | 15:10 pm
MSMS-PHP version 1.0 suffers from a remote SQL injection vulnerability.
Read more...