-
PHP Files ≈ Packet Storm
Nov 15, 2024 | 13:25 pm
Ubuntu Security Notice 7049-2 - USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly[…]
Read more...
-
PHP Files ≈ Packet Storm
Nov 14, 2024 | 15:42 pm
Proof of concept remote code execution exploit for PHP-CGI that affects versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8.
Read more...
-
PHP Files ≈ Packet Storm
Nov 14, 2024 | 15:37 pm
This is a bash script that is a vulnerability checker for CVE-2024-4577 designed to scan multiple domains for an argument injection vulnerability in PHP-CGI. This tool allows security researchers and system administrators to quickly assess whether their systems or a[…]
Read more...
-
PHP Files ≈ Packet Storm
Nov 12, 2024 | 15:10 pm
Debian Linux Security Advisory 5809-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to privilege escalation, information disclosure, incorrect validation or an open redirect.
Read more...
-
PHP Files ≈ Packet Storm
Nov 1, 2024 | 15:08 pm
ABB Cylon Aspect version 3.08.01 has a vulnerability in caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files, where the presence of an EXPERTMODE parameter activates a badassMode feature. This mode allows an unauthenticated attacker to bypass MD5 checksum validation during file uploads. By[…]
Read more...
-
PHP Files ≈ Packet Storm
Nov 1, 2024 | 14:54 pm
SmartAgent version 1.1.0 suffers from an unauthenticated remote code execution vulnerability in youtubeInfo.php.
Read more...
-
PHP Files ≈ Packet Storm
Oct 30, 2024 | 15:34 pm
ABB Cylon Aspect version 3.08.01 is vulnerable to username enumeration in the jsonProxy.php endpoint. An unauthenticated attacker can interact with the UserManager servlet to enumerate valid usernames on the system. Since jsonProxy.php proxies requests to internal services without requiring authentication,[…]
Read more...
-
PHP Files ≈ Packet Storm
Oct 30, 2024 | 15:32 pm
ABB Cylon Aspect version 3.08.01 is vulnerable to unauthorized information disclosure in the jsonProxy.php endpoint. An unauthenticated attacker can retrieve sensitive system information, including system time, uptime, memory usage, and network load statistics. The jsonProxy.php endpoint proxies these requests to[…]
Read more...
-
PHP Files ≈ Packet Storm
Oct 30, 2024 | 15:31 pm
ABB Cylon Aspect version 3.08.01 is vulnerable to unauthorized SSH service configuration changes via the jsonProxy.php endpoint. An unauthenticated attacker can enable or disable the SSH service on the server by accessing the FTControlServlet with the sshenable parameter. The jsonProxy.php[…]
Read more...
-
PHP Files ≈ Packet Storm
Oct 30, 2024 | 15:28 pm
ABB Cylon Aspect version 3.08.01 is vulnerable to an unauthenticated denial of service attack in the jsonProxy.php endpoint. An attacker can remotely restart the main Java server by accessing the FTControlServlet with the restart parameter. The endpoint proxies requests to[…]
Read more...