-
PHP Files ≈ Packet Storm
Jun 20, 2024 | 11:51 am
Ubuntu Security Notice 6841-1 - It was discovered that PHP could early return in the filter_var function resulting in invalid user information being treated as valid user information. An attacker could possibly use this issue to expose raw user input[…]
-
Jun 19, 2024 | 12:15 pm
Debian Linux Security Advisory 5715-1 - Two vulnerabilities have been discovered in Composer, a dependency manager for PHP, which could result in arbitrary command execution by operating on malicious git/hg repositories.
-
Jun 18, 2024 | 14:03 pm
This Metasploit module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale-dependent (such as Chinese or Japanese), such that the Unicode best-fit conversion scheme will unexpectedly convert[…]
-
Jun 14, 2024 | 13:14 pm
PHP versions prior to 8.3.8 suffer from a remote code execution vulnerability.
-
Jun 13, 2024 | 12:58 pm
This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract[…]
-
Jun 11, 2024 | 13:27 pm
Ubuntu Security Notice 6825-1 - It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 16.04 LTS. It[…]
-
Jun 6, 2024 | 18:46 pm
The Hash Form Drag and Drop Form Builder plugin for WordPress suffers from a critical vulnerability due to missing file type validation in the file_upload_action function. This vulnerability exists in all versions up to and including 1.1.0. Unauthenticated attackers can[…]
-
May 30, 2024 | 14:14 pm
Aquatronica Control System version 5.1.6 has a tcp.php endpoint on the controller that is exposed to unauthenticated attackers over the network. This vulnerability allows remote attackers to send a POST request which can reveal sensitive configuration information, including plaintext passwords.[…]
-
May 30, 2024 | 14:11 pm
This Metasploit module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command, based on the file name. This includes executing a PHP command with[…]
-
May 22, 2024 | 14:36 pm
This Metasploit module exploits an unauthenticated remote code execution vulnerability in the WWBNIndex plugin of the AVideo platform. The vulnerability exists within the submitIndex.php file, where user-supplied input is passed directly to the require() function without proper sanitization. By exploiting[…]