114 matches found
PHP CGI v5.3.12/5.4.2 Remote Code Execution
sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...
MiracleLinux 3 : php-5.1.6-34.0.1.AXS3 (AXSA:2012-548:04)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-548:04 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in...
Linux Distros Unpatched Vulnerability : CVE-2012-1823
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php- cgi, does not properly handle query strings that lack a...
curl: Incorrect Encoding Conversion in hostname results in indeterminate SSRF vulnerabilities
Vulnerability description not provided...
PHP-CGI OS Command Injection Vulnerability
PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823...
Exploit for OS Command Injection in Php
CVE-2024-4577 This is a PoC for PHP CVE-2024-4577. Introdu...
PHP 8.1.x < 8.1.29 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.29, 8.2.x prior to 8.2.20, or 8.3.x prior to 8.3.8. It is, therefore, affected by multiple vulnerabilities: - An argument Injection in PHP-CGI with a bypass of CVE-2012-1823...
Slackware: Security Advisory (SSA:2024-158-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[slackware-security] php
New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.29-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: Bypass of CVE-2012-1823, Argument Injection in PHP-CGI...
Slackware Linux 15.0 / current php81 Multiple Vulnerabilities (SSA:2024-158-01)
The version of php81 installed on the remote host is prior to 8.1.29 / 8.3.8. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-158-01 advisory. New php packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...
Denial Of Service (DoS)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...
Oracle: Security Advisory (ELSA-2012-0546)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle: Security Advisory (ELSA-2012-0547)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux: Security Advisory (ALAS-2012-77)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PHP CGI Argument Injection
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit...
PHP CGI Argument Injection Exploit
No description provided by source. Exploit Title: Cve-2012-1823 PHP CGI Argument Injection Exploit Date: May 4, 2012 Author: rayh4c0x4080sec0x2ecom Exploit Discovered by wofeiwo0x4080sec0x2ecom import socket import sys def cgiexploit: pwncode = ?php phpinfo;? postLength = lenpwncode httpraw=POST...
openSUSE Security Update : php5 (openSUSE-SU-2012:0590-1)
when used in CGI mode remote attackers could inject command line arguments to php %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-261. The text description of this plugin is C SU...
openSUSE Security Update : php5 (openSUSE-2012-288)
The patch for CVE-2012-1823 was incomplete, this update fixes the remaining bits CVE-2012-2335, CVE-2012-2336 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-288. The text...
Linux Worm targets Internet-enabled Home appliances to Mine Cryptocurrencies
Could a perfectly innocent looking device like router, TV set-top box or security cameras can mine Bitcoins? YES! Hackers will not going to spare the Smart Internet-enabled devices. A Linux worm named Linux.Darlloz, earlier used to target Internet of Things IoT devices, i.e. Home Routers, Set-top...
Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner) (2)
Apache + PHP 5.3.12 / 5.4.2 - Remote Code Execution Multithreaded Scanner 2. CVE-2012-1823,CVE-2012-2311,CVE-2012-2336. Remote exploit for PHP...