106 matches found
MiracleLinux 7 : rh-php56-php-5.6.5-8.el7 (AXSA:2016-140:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-140:02 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers...
EUVD-2018-10473
Malware in sbrugna...
CVE-2018-18757
Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758...
RHSA-2016:1612 Red Hat Security Advisory: rh-php56-php security update
Bulletin has no description...
K95432245: PHP vulnerability CVE-2016-5768
Security Advisory Description Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application...
K29691966: PHP vulnerability CVE-2016-5773
Security Advisory Description php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service...
SUSE CVE-2015-1351
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
SimpleSAMLphp Session fixation issue and authentication bypass in the authcrypt module
The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation...
Online Covid Vaccination Scheduler System 1.0 - (username) time-based blind SQL Injection
Exploit Title: Online Covid Vaccination Scheduler System 1.0 - 'username' time-based blind SQL Injection Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Social Networking Site SQL Injection
Exploit Title: Social Networking Site - Authentication Bypass SQli Date: 2020-11-17 Exploit Author: gh1mau Email: [email protected] Team Members: Capt'N, muzzo, chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...
Curfew e-Pass Management System 1.0 SQL Injection Exploit
Exploit for php platform in category web applications Exploit Title: Curfew e-Pass Management System - 'searchdata' SQL Injection Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...
Responsive Online Blog 1.0 SQL Injection
Exploit Title: Responsive Online Blog 1.0 - 'single.php?id=' SQL Injection Date: 2020-07-03 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...
Online DJ Booking Management System Project Report 1.0 SQL Injection / Code Execution Vulnerabilitie
Exploit for php platform in category web applications Exploit Title: Online DJ Booking Management System Project Report - RCE Through SQLi Authenticated User - admin Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...
Online Shopping Portal 3.1 SQL Injection
Exploit Title: Online Shopping Portal 3.1 - 'email' SQL Injection Date: 2020-07-06 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/shopping-portal-free-download/ Software Link:...
CVE-2014-3622
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value...
CVE-2014-3622
CVE-2014-3622 describes a use-after-free in PHP 5.6.x prior to 5.6.1 affecting the Posthandler component (add_post_var). The underlying issue could let remote attackers execute arbitrary code through a third-party filter extension that accesses a specific ksep value. Practical impact is remote co...
Internet Bug Bounty: Null Pointer Dereference in PHP Session Upload Progress
Affected Versions ------------ Affected is all of PHP5.4/5.5/5.6 Affected is all of PHP7 Credits ------------ This vulnerability was disclosed by Taoguang Chen. Description ------------ session.c static int php_session_rfc1867_callback(unsigned int event, void *event_data, void **extra) /* {{{ */ ... switch(even...
Dokuwiki 2018-04-22b Username Enumeration
Exploit Title: Dokuwiki 2018-04-22b - Username Enumeration Date: 2019-12-01 Exploit Author: Talha ŞEN Vendor Homepage: https://www.dokuwiki.org/dokuwiki Software Link: https://download.dokuwiki.org/ Version: 2018-04-22b "Greebo" Tested on: Alpine Linux 3.5 docker image PHP 5.6.30 Apache/2.4.25 Un...
0xsp-Mongoose - Privilege Escalation Enumeration Toolkit (ELF 64/32), Fast, Intelligent Enumeration With Web API Integration
Using 0xsp mongoose you will be able to scan a targeted operating system for any possible way for privilege escalation attacks, starting from collecting information stage until reporting information through 0xsp Web Application API. user will be able to scan different Linux os system at the same...
CVE-2018-18757
Open Faculty Evaluation System 5.6 for PHP 5.6 contains an SQL Injection in submit_feedback.php. The issue stems from lack of validation of externally supplied SQL statements, enabling an attacker to execute arbitrary SQL. This vulnerability is separate from CVE-2018-18758 and has multiple CNVD/N...