PT-2023-12405 · Phpcms · Phpcms

Name of the Vulnerable Software and Affected Versions: slackero phpwcms versions 1.9.26 and earlier Description: A critical issue was found in the software, affecting some unknown functionality. The manipulation of the argument $phpwcms'db prepend' leads to SQL injection. The attack can be launch...

Design/Logic Flaw

This affects the package convict before 6.2.3. This is a bypass of CVE-2022-22143. The fix introduced, relies on the startsWith method and does not prevent the vulnerability: before splitting the path, it checks if it starts with proto or this.constructor.prototype. To bypass this check it's...

jetty: buffer not correctly recycled in Gzip Request inflation

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that ...

Exploit for Out-of-bounds Write in Php

This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit targets the "PHPVALUE" directive in the php.ini file, which...

Exploit for Out-of-bounds Write in Php

This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit targets the "shortopentag" and "htmlerrors" php.ini setting...

GHSA-Q3GH-5R98-J4H3 RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign

Impact Jsrsasign can verify RSA-PSS signature which value can expressed as BigInteger. When there is a valid RSA-PSS signature value, this vulnerability is also accept value with prepending zeros as a valid signature. - If you are not use RSA-PSS signature validation, this vulnerability is not...

Wordlister - A Simple Wordlist Generator And Mangler Written In Python

A simple wordlist generator and mangler written in python. It makes use of python multiprocessing capabilities in order to speed up his job CPU intensive. Supported permutations: Capital Upper 1337 Append Prepend Additional functions: Test/Dry run Multiprocessing Multicore Possibility to adjust...

CVE-2019-13488

A cross-site scripting XSS vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend method is used...

Cross site scripting

A cross-site scripting XSS vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend method is used...

ALPINE-CVE-2016-8704

An integer overflow in the processbinappendprepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution...

Remote Code Execution Vulnerability in Memcached Append/Prepend

Memcached is a high-performance distributed in-memory object caching system for dynamic Web applications to reduce database load. A remote code execution vulnerability exists in Memcached Append/Prepend. processbinappendprepend function handles multiple commands of the Memcached binary protocol c...

Memcached Server Append/Prepend remote code execution vulnerability

DETAILS Memcached is a high performance object caching server intended for speeding up dynamic web applications and is used by some of the most popular Internet websites. It has two versions of the protocol for storing and retrieving arbitrary data, an ASCII based one and a binary one. The binary...

Memcached Server Append/Prepend Remote Code Execution Vulnerability

Summary An integer overflow in the processbinappendprepend function which is responsible for processing multiple commands of Memcached binary protocol can be abused to cause heap overflow and lead to remote code execution. Tested Versions Memcached 1.4.31 Product URLs https://memcached.org/ CVSSv...

Linux Kernel 2.6.22 3.9 (x86x64) - Dirty COW procselfmem Race Condition Privilege Escalation (SUID Method)

Linux Kernel 2.6.22 3.9 x86x64 - Dirty COW procselfmem Race Condition Privilege Escalation SUID Method / EDB-Note: After getting a shell, doing "echo 0 /proc/sys/vm/dirtywritebackcentisecs" may make the system more stable. uncomment correct payload first x86 or x64! $ gcc cowroot.c -o cowroot...

RHEL 7 : docker (RHSA-2015:0623)

Updated docker packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give...

php-cgi exploit EXP-vulnerability warning-the black bar safety net

1, local contains direct code execution: curl-H "USER-AGENT: ? system'id';die;?& gt;" http://target.com/test.php?-dautoprependfile%3d/proc/self/environ+-n 2, The remote contains the implementation code: curl...

PHP. ini way anti-injection or hung it-vulnerability warning-the black bar safety net

Originally this two-day study phpIDS, using the file: when you want to prevent the page attack, in the pages of the head of the include attack prevention file, just like General anti-injected into the file. We can use three cases to do that: 1, in each of the files within the references. Such a...

Plume CMS <= 1.0.3 (manager_path) Remote File Include Vulnerability

Exploit for unknown platform in category web applications =================================================================== Plume CMS Vulnerable File/Code ./plume-1.0.3/manager/frontinc/prepend.php code includeonce $PXconfig'managerpath'.'/conf/config.php'; /code...

Microsoft IIS - SA WebAgent 5.25.3 Redirect Overflow (Metasploit)

Microsoft IIS - SA WebAgent 5.25.3 Redirect Overflow Metasploit This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core...