61 matches found
CVE-2019-12868
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP fileexists function is used with user-controlled entries, and phar:// URLs trigger deserialization...
Deserialization of untrusted data
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP fileexists function is used with user-controlled entries, and phar:// URLs trigger deserialization...
CVE-2019-12868
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP fileexists function is used with user-controlled entries, and phar:// URLs trigger deserialization...
CVE-2019-12868
CVE-2019-12868 (MISP 2.4.109) is a remote command execution vulnerability in the PHP component at app/Model/Server.php . The root cause is the use of PHP’s file_exists with user-controlled entries combined with phar:// URLs, which can trigger deserialization and allow a super administrator to exe...
PDNS Manager Remote Command Execution
Advisory: Remote Command Execution in PDNS Manager RedTeam Pentesting discovered that PDNS Manager is vulnerable to a remote command execution vulnerability, if for any reason the configuration file config/config-user.php does not exist. Details ======= Product: PDNS Manager Affected Versions: Gi...
CmsEasy front Desk arbitrary code execution vulnerability
Source link: https://xianzhi.aliyun.com/forum/read/215.html 在补丁页面http://www.cmseasy.cn/patch/show1116.html下载补丁CmsEasyforUploads20161012.zip Modified files no more 通过diff发现补丁中lib/default/toolact.php 392 row cutimageactionfunction is commented out Take a look at this function php /function...
CVE-2006-4481
The 1 fileexists and 2 imapreopen functions in PHP before 5.1.5 do not check for the safemode and openbasedir settings, which allows local users to bypass the settings. NOTE: the errorlog function is covered by CVE-2006-3011, and the imapopen function is covered by CVE-2006-1017...
DocMGR <= 0.54.2 (file_exists) Remote Commands Execution Exploit
No description provided by source. ?php ---docmgr0542inclxpl.php 0.30 12/02/2006 DocMGR = 0.54.2 remote commands execution exploit coded by rgod site: http://retrogod.altervista.org - works against PHP5, with shortopentag = On and registerglobals = On usage: launch from Apache, fill in requested...
Ignition 1.3 (page.php) Local File Inclusion Vulnerability
No description provided by source. Ignition 1.3 page Local File Inclusion Vulnerability disclosed by cOndemned download: http://launchpad.net/ignition/trunk/1.3/+download/ignition-1.3.tar.gz note: 1. Magicquotesgpc should be turned off in order to exploit this vulnerability 2. LFI bugs found by m...
Easytalk任意文件包含漏洞
简要描述: 过滤不严。 详细说明: 在appaction.class.php中 public function index parent::tologin; $appname=trim$this-get'appname'; $action=$this-get'action';//直接调用方法 $out=urldecode$GET'out'; //是否开启应用 $app=M'Plugins'-where"directory='$appname' AND available=1"-find; $this-assign'app',$app; if !$app...
php: paths with NULL character were considered valid
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the fileexists function...
ecshop最新2.7.3版本后台本地包含漏洞
简要描述: ecshop最新2.7.3版本后台本地包含漏洞 详细说明: admin/integrate.php文件,110行 $code = empty$GET'code' ? '' : trim$GET'code'; if empty$code || fileexistsROOTPATH . DATADIR . '/integrate' . $code . 'log.php' sysmsg$LANG'lostintalllog', 1; includeROOTPATH . DATADIR . '/integrate' . $code . 'log.php'; 1. $code 未过滤 ...
Piwigo任意文件泄露和任意文件删除漏洞
BUGTRAQ ID: 58016 Piwigo是用PHP编写的相册脚本。 Piwigo 2.4.6及其他版本没有正确验证install.php脚本的 'dl'参数值,在实现上存在安全漏洞,攻击者可利用这些漏洞查看受影响计算机上的任意文件,删除受影响应用上下文内的任意文件。 0 Piwigo Piwigo 2.4.6 厂商补丁: Piwigo ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://piwigo.org/bugs/view.php?id=2843...
CVE-2006-7243
PHP before 5.3.4 accepts a NUL (\0) in a pathname, enabling context-dependent bypass of access restrictions (example: .php\0.jpg) via file_exists; remediation involves upgrading to a fixed PHP version (5.3.4+; later advisories note 5.4.41+/5.5.x+/5.6.x fixes). The CVE-2015-4025/4026 entries ackno...
CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the fileexists function...
Joomla Seber Cart 1.0.0.1x Local File Disclosure
========================================================================================================= o Joomla Component Seber Cart Local File Disclosure Vulnerability Software : comsebercart version 1.0.0.1x Vendor : http://www.seber.com.au/ Author : AntiSecurity NoGe Vrs-hCk OoNBoY Paman zx...
Joomla Component Seber Cart (getPic.php) Local File Disclosure Vulnerability
No description provided by source. ========================================================================================================= o Joomla Component Seber Cart Local File Disclosure Vulnerability Software : comsebercart version 1.0.0.1x Vendor : http://www.seber.com.au/ Author :...
CodeDB 1.1.1 - list.php Local File Inclusion
CodeDB 1.1.1 - list.php Local File Inclusion Name : CodeDB list.php lang Local File Inclusion Vulnerability Author : cOndemned Greetz : ZaBeaTy, str0ke, irk4z, GregStar, doctor, Adish, Avantura ; Source : // list.php 2. $lang = htmlspecialchars$GET'lang'; // ok, but.... for what ? lol 7...
FireAnt 1.3 - 'index.php' Local File Inclusion
Name : FireAnt v1.3 Local File Inclusion Vulnerability Author : cOndemned Dork : use Your brain : Greetz : ZaBeaTy, str0ke, GregStar, irk4z, Sandtalker & Avantura ; Source : // index.php 8. $page = "buglist"; //default page 9. if !empty$GET'page' 10. $page = striptags$GET'page'; 99. if...
FireAnt 1.3 (index.php page) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications =============================================================== FireAnt 1.3 index.php page Local File Inclusion Vulnerability =============================================================== Name : FireAnt v1.3 Local File Inclusion...