PHP Car Dealer version 3.0 suffers from a cross site scripting vulnerability.
5d7cda295322273a07765d0e26863912ad7bb4ef36801e228c39142c37806ef6
NetArt Media PHP Hotel Site version 2.0 suffers from a cross site scripting vulnerability.
84124ff16f949e9ab005d3b5c316da611c20f345e4bf826893ebfce6f62c376a
This Metasploit module exploits an unauthenticated command injection vulnerability in /controller/ping.php in Symmetricom SyncServer. The S100 through S350 (End of Life) models should be vulnerable to unauthenticated exploitation due to a session handling vulnerability.
9228aebd2b8cb829828420734c809d84e0b8b72d483a6286436970baa02fbb09
This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.29 and below by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information" and CVE-2022-24989, "Authenticated remote code execution". Exploiting vulnerable endpoint api.php?mobile/webNasIPS leaking sensitive information such as admin password hash and mac address, the attacker can achieve unauthenticated access and use another vulnerable endpoint api.php?mobile/createRaid with POST parameters raidtype and diskstring to execute remote code as root on TerraMaster NAS devices.
7e730a3eca39b8e6d103226c6deb4b1c15b54a16ab70d8fb24d2e419a087f25d
Debian Linux Security Advisory 5425-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.
b78ada19cdad18133c1d75e67c6a3d412579cefae51613bdc1305bfaf34bc7be
Debian Linux Security Advisory 5424-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.
1480d11098e522e1a4cec8195fa739e3296da2ba49c56c9ed78a071d88989612
This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.06 and below via shell metacharacters in the Event parameter at vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute commands on the system under the same privileges as the web application, which typically runs under root at the TerraMaster Operating System.
8935d1e9f61d6f9eb3550ec44e1a8a5d97992b91e55a7456ae2af009097db539
PHP Live version 3.1 suffers from a cross site scripting vulnerability.
5afa26f53c21f0ac7a1f9a3408b7c32f583820f9a9ce76c738aacdbe5026646e
GaanaGawaana Music Platform PHP Script version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
a82fb377371d1856a3f37cb5f375bdcdf4cec2a963adf0fc1fe40ca4153275e7
Red Hat Security Advisory 2023-2903-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and integer overflow vulnerabilities.
14a0a9a8f5279ccadad2c5e3c17b877bba2ef4521d090aff2aef00472ba06ed5
VOTAB Voting Quiz PHP Script version 1.0 suffers from a remote SQL injection vulnerability.
61047f833473fa5d13e8efb4584274bdf7b5963248818c4148cdc531ff24fd95
VOTAB Voting Quiz PHP Script version 1.0 suffers from a cross site scripting vulnerability.
5fbbd195f12baae87919c60674abb2c62c66d9b889e811367d9e58a1cbe5dddb
Red Hat Security Advisory 2023-2417-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and integer overflow vulnerabilities.
6f47e62ad0a97a6168bb8cbdb23c454b713421317ea8a4adaead022a0b590fdc
Jedox version 2022.4.2 has an information disclosure vulnerability in /be/rpc.php that allows remote authenticated users with the appropriate permissions to modify database connections to disclose the clear text credentials via the test connection function.
0d65954fe57317294bfe2c400f3db4b3623426f3c49974de9f8966129d23c3cd
Jedox version 2022.4.2 has a directory traversal vulnerability in /be/erpc.php allows remote authenticated users to execute arbitrary code.
c9cad2fb718763533c5af806ca3b6ce9f045e040593ca5a0ad42e98f36535634
Jedox version 2022.4.2 has a vulnerability in /be/rpc.php and /be/erpc.php that allows remote authenticated users to load arbitrary PHP classes from the rtn directory and to execute its methods.
ccf211f35f6efc1e74056a425e818939d4b997eb3c43d2de782f50e9ba9d5712
Ubuntu Security Notice 6053-1 - It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations.
6a4bbd5373aa5388a4619a7fee3c74e536d2083b1d61ae7672757b7e3093a77d
PHP Restaurants version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass and a cross site scripting vulnerability. Original discovery of SQL injection in this version is attributed to Nefrit ID in February of 2022.
b586c653e892e2e9c9de6abf89736d9dfbba1db49179b4cfb8634d3641320419
This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions are below 3.2.18, below 4.0.10, below 4.1.18 and below 4.2.1.
da36b42d35a291178bebac45397335e931352a6a022f64275dfb7fc469079f1f
Ubuntu Security Notice 6012-1 - It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue to execute arbitrary PHP code.
d4a2e4ff14756d2dbe327b2f069015fe32ec799abe564842f5bd692de8ea0a99
This Metasploit module exploits an arbitrary file upload vulnerability and achieves remote code execution in the Monitorr application. Using a specially crafted request, custom PHP code can be uploaded and injected through endpoint upload.php because of missing input validation. Any user privileges can exploit this vulnerability and it results in access to the underlying operating system with the same privileges under which the web services run (typically user www-data). Monitorr versions 1.7.6m, 1.7.7d, and below are affected.
6c6d18b94bdb35bfe9807add78ec876cdeda11ffafe62ef4078fdeb348b08a51
Ubuntu Security Notice 5956-1 - Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. It was discovered that PHPMailer was not properly escaping characters in certain fields of the code_generator.php example code. An attacker could possibly use this issue to conduct cross-site scripting attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
222714e4ee696b2603d69df38c77117f2e5b2027b932d6a069bca47f30bd053c
Ubuntu Security Notice 5947-1 - Fabien Potencier discovered that Twig was not properly enforcing sandbox policies when dealing with objects automatically cast to strings by PHP. An attacker could possibly use this issue to expose sensitive information. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Marlon Starkloff discovered that Twig was not properly enforcing closure constraints in some of its array filtering functions. An attacker could possibly use this issue to execute arbitrary code. This issue was only fixed in Ubuntu 20.04 ESM.
7a722306f91b4b68b54cf4c80bd0a21077ab7a7fe2101b19ae983b91763a9031
This paper describes a vulnerability in several implementations of the Secure Hash Algorithm 3 (SHA-3) that have been released by its designers. The vulnerability has been present since the final-round update of Keccak was submitted to the National Institute of Standards and Technology (NIST) SHA-3 hash function competition in January 2011, and is present in the eXtended Keccak Code Package (XKCP) of the Keccak team. It affects all software projects that have integrated this code, such as the scripting languages Python and PHP Hypertext Preprocessor (PHP). The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (without any restrictions on values to be XORed and even far beyond the location of the original buffer), thereby making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective.
e5ce94c802fc96b96a37593074295283819a7abf859a04a1c1cbfcdb566dcdb1
Ubuntu Security Notice 5905-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise data integrity. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
568ea4cc2d068c625914a2aca31e396f31df3ead8417e7cc93c9f33b2b47b9ac