«
Expand/Collapse
63 items tagged "php code"
Related tags:
execution [+],
remote [+],
pmwiki [+],
cms [+],
arbitrary code [+],
injection [+],
file [+],
webid [+],
txt [+],
phpldapadmin [+],
horde [+],
php [+],
vbulletin [+],
query engine [+],
proc [+],
preauth [+],
omegabill [+],
malicious user [+],
hostbill [+],
fckeditor [+],
dolphin [+],
deutf [+],
day [+],
command execution [+],
ckeditor [+],
build [+],
balitbang [+],
backdoor [+],
arbitrary command [+],
arbitrary code execution [+],
aphpkb [+],
alguest [+],
code execution [+],
system input [+],
sql [+],
simploo [+],
proof of concept [+],
phpscheduleit [+],
metinfo [+],
malicious users [+],
code [+],
suffers [+],
step [+],
server field [+],
phpauctionsystem [+],
multiple [+],
knowledgebase [+],
javascript [+],
exploit [+],
encode [+],
e107 [+],
crypt [+],
bugtraq [+],
bbcode [+],
auto [+],
arbitrary [+],
andy [+],
adserver [+],
Community [+],
vulnerability [+]
-
13:56
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution.
-
13:56
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution.
-
13:56
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution.
-
-
19:27
»
Packet Storm Security Exploits
This Metasploit module exploits an arbitrary PHP code execution vulnerability introduced as a backdoor into Horde 3.3.12 and Horde Groupware 1.2.10.
-
19:27
»
Packet Storm Security Recent Files
This Metasploit module exploits an arbitrary PHP code execution vulnerability introduced as a backdoor into Horde 3.3.12 and Horde Groupware 1.2.10.
-
19:27
»
Packet Storm Security Misc. Files
This Metasploit module exploits an arbitrary PHP code execution vulnerability introduced as a backdoor into Horde 3.3.12 and Horde Groupware 1.2.10.
-
-
3:11
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php. User input passed through 'char_repl' POST parameter isn't properly sanitized before being used in a call to preg_replace() function which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging the PHP's complex curly syntax.
-
3:11
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php. User input passed through 'char_repl' POST parameter isn't properly sanitized before being used in a call to preg_replace() function which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging the PHP's complex curly syntax.
-
3:11
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php. User input passed through 'char_repl' POST parameter isn't properly sanitized before being used in a call to preg_replace() function which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging the PHP's complex curly syntax.
-
-
20:58
»
Packet Storm Security Exploits
This Metasploit module exploits an arbitrary command execution vulnerability in PmWiki from 2.0.0 to 2.2.34. The vulnerable function is inside /scripts/pagelist.php.
-
20:58
»
Packet Storm Security Recent Files
This Metasploit module exploits an arbitrary command execution vulnerability in PmWiki from 2.0.0 to 2.2.34. The vulnerable function is inside /scripts/pagelist.php.
-
20:58
»
Packet Storm Security Misc. Files
This Metasploit module exploits an arbitrary command execution vulnerability in PmWiki from 2.0.0 to 2.2.34. The vulnerable function is inside /scripts/pagelist.php.
-
-
7:41
»
Packet Storm Security Exploits
This Metasploit module exploits an arbitrary PHP code execution flaw in the phpScheduleIt software. This vulnerability is only exploitable when the magic_quotes_gpc PHP option is 'off'. Authentication is not required to exploit the bug. Version 1.2.10 and earlier of phpScheduleIt are affected.
-
7:41
»
Packet Storm Security Recent Files
This Metasploit module exploits an arbitrary PHP code execution flaw in the phpScheduleIt software. This vulnerability is only exploitable when the magic_quotes_gpc PHP option is 'off'. Authentication is not required to exploit the bug. Version 1.2.10 and earlier of phpScheduleIt are affected.
-
7:41
»
Packet Storm Security Misc. Files
This Metasploit module exploits an arbitrary PHP code execution flaw in the phpScheduleIt software. This vulnerability is only exploitable when the magic_quotes_gpc PHP option is 'off'. Authentication is not required to exploit the bug. Version 1.2.10 and earlier of phpScheduleIt are affected.
-
-
7:36
»
Packet Storm Security Exploits
vBulletin versions 4 through 4.1.2 are vulnerable to a preauth SQL Injection issue that may be used by an attacker to extract user credentials, and potentially gain administrative access, potentially leading to remote PHP code execution.
-
7:36
»
Packet Storm Security Recent Files
vBulletin versions 4 through 4.1.2 are vulnerable to a preauth SQL Injection issue that may be used by an attacker to extract user credentials, and potentially gain administrative access, potentially leading to remote PHP code execution.
-
7:36
»
Packet Storm Security Misc. Files
vBulletin versions 4 through 4.1.2 are vulnerable to a preauth SQL Injection issue that may be used by an attacker to extract user credentials, and potentially gain administrative access, potentially leading to remote PHP code execution.
-
-
7:17
»
Packet Storm Security Exploits
Balitbang CMS version 3.3 suffers from an arbitrary file editing vulnerability that can allow a remote attacker arbitrary php code execution.
-
-
11:51
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in Pulse CMS, which can be exploited by malicious users to compromise a vulnerable system. Input passed via the filename and block parameters to view.php is not properly sanitized before being used to write to a file. This can be exploited to write arbitrary content to an arbitrary file via a specially crafted POST request and allows executing arbitrary PHP code. Successful exploitation requires authentication.
-
11:51
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Pulse CMS, which can be exploited by malicious users to compromise a vulnerable system. Input passed via the filename and block parameters to view.php is not properly sanitized before being used to write to a file. This can be exploited to write arbitrary content to an arbitrary file via a specially crafted POST request and allows executing arbitrary PHP code. Successful exploitation requires authentication.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
SecuriTeam
BackTrack Linux Forums
Threatpost
SecDocs
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Hack a Day
Wirevolution