SPIP BigUp version 4.3.1 suffers from a remote PHP code injection vulnerability.
96ef343134222af92ba1ed0f8190e233e165263a1824d6f93b058f803eb81603SPIP BigUp version 4.2.15 suffers from a remote PHP code injection vulnerability.
b87a54430f27e47a10de7366a28ed08bc4395479f68b430b14e8107c3c0bee0bPrison Management System version 1.0 suffers from a PHP code injection vulnerability.
6f0c4d0c2b30b067997ee3da24377eec3ac2089defddc71f84d051b385d7de50SPIP BigUp version 4.1.17 suffers from a remote PHP code injection vulnerability.
3f74e15842234faecbfd3d61add6733355d33551d131bf6b8c351284b2d939f8Debian Linux Security Advisory 5771-1 - Fabien Potencier discovered that under some conditions the sandbox mechanism of Twig, a template engine for PHP, could by bypassed.
1049496f29954214697205ebd4565fdbae36dcd02f1494f9dedfe7f85844e0dcSPIP BigUp version 4.0 suffers from a remote PHP code injection vulnerability.
d265e3f12c70a2ce14755cd47abbb9cb0a47576f4669c7d7fe0c1db3d2cf9b7eOnline Student Grading System version 1.0 suffers from a remote PHP code injection vulnerability.
ee460721bce9e6abdaea812c124c2b59bd8c93354b78393df06b27cb28539092Old Age Home Management System version 1.0 suffers from a remote PHP code injection vulnerability.
2956369607635036343c4a4a8e93211491c1beb8cca01c7a09a83394f97628ddMembership Management System version 1.0 suffers from a remote PHP code injection vulnerability.
6e0de45243e9e524440fd167d97fbd6689974293e7f4773985cd70c38b24fe08Live Membership Management System version 1.0 suffers from a remote PHP code injection vulnerability.
d31e0399ea428f2faae88e7a10f0f7ac944b8c2f78ece809d9c3be28459cf5b0Men Salon Management System version 2.0 suffers from a php code injection vulnerability.
16f109978dab4dd654ee4cf808111eef9a65cfb018b4dd430500f6c941a7322cAuto/Taxi Stand Management System version 1.0 suffers from a php code injection vulnerability.
1e0b4094b37e8533f3a72e374f0e297723b05a67a6a446f3a2c4f4ba0aa4bdb2This Metasploit module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the lister_fichiers_par_champs function, which is triggered when the bigup_retrouver_fichiers parameter is set to any value. By exploiting the improper handling of multipart form data in file uploads, an attacker can inject and execute arbitrary PHP code on the target server. This critical vulnerability affects all versions of SPIP from 4.0 up to and including 4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code remotely via the public interface. The vulnerability has been patched in versions 4.3.2, 4.2.16, and 4.1.18.
470929e92864600915a7773675e61c23486f09b86f3d05d72951628b436ed7c0Nipah Virus Testing Management System version 1.0 suffers from a php code injection vulnerability.
1d5d8ecfee17bb9d29a68547de9e3007c6fb30acdff37b24dca3f23a371620ddEmergency Ambulance Hiring Portal version 1.0 suffers from a php code injection vulnerability.
a9602dbf2dcb3e61aff1d2d0fb60dd2cce4318e79d2ebd423c56f43a95c5c275COVID19 Testing Management System version 1.0 suffers from a php code injection vulnerability.
81883da23094b5c57395049ea06aa7068f785e862d3a4b82429dae396025a5e9BP Monitoring Management System version 1.0 suffers from a php code injection vulnerability.
7d0200096ccae9af066f1ebc1535a7bf1f3ece0cde52cfc5f532d21d370bd831Art Gallery Management System version 1.0 suffers from a php code injection vulnerability.
b19faa3bd593c77aadffed902c2a89af0262656a3ea584a12c74dc6dc625dca5Ubuntu Security Notice 6841-2 - USN-6841-1 fixed a vulnerability in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PHP could early return in the filter_var function resulting in invalid user information being treated as valid user information. An attacker could possibly use this issue to expose raw user input information.
d170b8e7f8f92515ffeb2d3bd1921abc8a3d13ffd05345330e4edb30169de83aThis Metasploit module exploits several authenticated SQL Inject vulnerabilities in VICIdial 2.14b0.5 prior to svn/trunk revision 3555 (VICIBox 10.0.0, prior to January 20 is vulnerable). Injection point 1 is on vicidial/admin.php when adding a user, in the modify_email_accounts parameter. Injection point 2 is on vicidial/admin.php when adding a user, in the access_recordings parameter. Injection point 3 is on vicidial/admin.php when adding a user, in the agentcall_email parameter. Injection point 4 is on vicidial/AST_agent_time_sheet.php when adding a user, in the agent parameter. Injection point 5 is on vicidial/user_stats.php when adding a user, in the file_download parameter. VICIdial does not encrypt passwords by default.
ee13ad5d4ae7546320169435916f3c9bac21c75f6a3c00a761a80c9d13b3d3b5Icingaweb versions from 2.9.0 to 2.9.5 inclusive, and 2.8.0 to 2.8.5 inclusive suffer from an unauthenticated directory traversal vulnerability. The vulnerability is triggered through the icinga-php-thirdparty library, which allows unauthenticated users to retrieve arbitrary files from the targets filesystem via a GET request to /lib/icinga/icinga-php-thirdparty/<absolute path to target file on disk> as the user running the Icingaweb server, which will typically be the www-data user. This can then be used to retrieve sensitive configuration information from the target such as the configuration of various services, which may reveal sensitive login or configuration information, the /etc/passwd file to get a list of valid usernames for password guessing attacks, or other sensitive files which may exist as part of additional functionality available on the target server. This Metasploit module was tested against Icingaweb 2.9.5 running on Docker.
cdc69a4bccff0e05ac6725d9eb18225432bfef742c18d90b549db0f05b86206eThis Metasploit module exploits a directory traversal vulnerability found in Bitweaver. When handling the overlay_type parameter, view_overlay.php fails to do any path checking/filtering, which can be abused to read any file outside the virtual directory.
75260c8739219589832630db597ad076c6fa9dee26583aeb19f2537f54e959f0This Metasploit module exploits a bypass issue with WPS Hide Login versions less than or equal to 1.9. WPS Hide Login is used to make a new secret path to the login page, however a GET request to /wp-admin/options.php with a referer will reveal the hidden path.
cf0e23084f88d35da4dd2286627bbd0801ca437e1cdded439cd94d23e28d6ab9This Metasploit module attempts to bruteforce the chinese caidao asp/php/aspx backdoor.
60088f8d003987fa40a7002f9f668383b9ab73531f528efc470f1246253bee90The iDangero.us Chop Slider 3 WordPress plugin version 3.4 and prior contains a blind SQL injection in the id parameter of the get_script/index.php page. The injection is passed through GET parameters, and thus must be encoded, and magic_quotes is applied at the server.
c40d3f2150f043263d7f5b593f87cd6eb6ed9507f109b3c2713e5d016de691c2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed