jetlib.sec » Tags » deutf

Feeds

133357 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

3 items tagged "deutf"

Related tags: vulnerability [+], proc [+], php code [+], php [+], arbitrary code [+]

• January 27, 2012
• 3:11

  vBSEO 3.6.0 proc_deutf() Remote PHP Code Injection

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php. User input passed through 'char_repl' POST parameter isn't properly sanitized before being used in a call to preg_replace() function which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging the PHP's complex curly syntax.

  Tags:  proc php deutf arbitrary-code php-code vulnerability  

• 3:11

  vBSEO 3.6.0 proc_deutf() Remote PHP Code Injection

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php. User input passed through 'char_repl' POST parameter isn't properly sanitized before being used in a call to preg_replace() function which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging the PHP's complex curly syntax.

  Tags:  proc php deutf arbitrary-code php-code vulnerability  

• 3:11

  vBSEO 3.6.0 proc_deutf() Remote PHP Code Injection

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php. User input passed through 'char_repl' POST parameter isn't properly sanitized before being used in a call to preg_replace() function which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging the PHP's complex curly syntax.

  Tags:  proc php deutf arbitrary-code php-code vulnerability