85 matches found

Friends Of PHP
added 2014/02/26 4:2 p.m., 10 views

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

AI score 7.2
Exploits 0, Affected Software 1

Friends Of PHP
added 2014/02/26 4:2 p.m., 13 views

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

AI score 7.2
Exploits 0, Affected Software 1

Gentoo Linux
added 2011/11/11 12:0 a.m., 35 views

phpDocumentor: Function call injection

Background: The phpDocumentor package provides automatic documenting of PHP API directly from the source. Description: phpDocumentor bundles Smarty with the modifier.regex_replace.php plug-in which does not properly sanitize input related to the ASCII NUL character in a search string. Impact: A remot...

CVSS 7.5, AI score 6.4, EPSS 0.01954
Exploits 0

0day.today
added 2011/09/16 12:0 a.m., 15 views

iManager Plugin v1.2.8 (d) Remote Arbitrary File Deletion Vulnerability

Exploit for php platform in category web applications iManager Plugin v1.2.8 d Remote Arbitrary File Deletion Vulnerability Vendor: net4visions.com Product web page: http://www.net4visions.com Affected version: = 1.2.8 Build 02012008 Summary: With iManager you can manage your files/images on your...

AI score 7.1
Exploits 0

rdot
added 2011/07/22 12:0 a.m., 114 views

[Note] SSI Web shell

1. Introduction: In this note I will look at examples of using SSI, in particular to bypass PHP restrictions. 2. Theory: SSI (Server Side Includes) is a simple language for dynamically "assembling" web pages on the server from separate component parts and delivering them to the client...

AI score 7.2
Exploits 0

OpenVAS
added 2011/02/15 12:0 a.m., 37 views

Zikula Security bypass Vulnerability

This host is running Zikula and is prone to security bypass vulnerability. OpenVAS Vulnerability Test $Id: gbzikulasecbypassvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ Zikula Security bypass Vulnerability Authors: Madhuri D Copyright: Copyright (c) 2011 Greenbone Networks GmbH,...

CVSS 5, AI score 6.7, EPSS 0.00949
Exploits 0, References 1

Cvelist
added 2010/05/27 10:0 p.m., 23 views

CVE-2010-2100

The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function,...

AI score 9.2, EPSS 0.02047
Exploits 5, References 8

exploitpack
added 2008/12/22 12:0 a.m., 34 views

Roundcube Webmail 0.2b - Remote Code Execution

Roundcube Webmail 0.2b - Remote Code Execution !/bin/sh I was hoping the PoC would not appear so soon, but now that it is out, i thought i might as well publish my real exploit. Hunger http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5619 FOR LEARNING PURPOSES ONLY! PHP...

CVSS 10, AI score 0.4, EPSS 0.54003
Exploits 15

Exploit DB
added 2008/12/22 12:0 a.m., 90 views

Roundcube Webmail 0.2b - Remote Code Execution

!/bin/sh I was hoping the PoC would not appear so soon, but now that it is out, i thought i might as well publish my real exploit. Hunger http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5619 FOR LEARNING PURPOSES ONLY! PHP echoiniget'disablefunctions'; exec, system PHP passthru"id; uname...

CVSS 10, AI score 7.5, EPSS 0.54003
Exploits 15

Prion
added 2008/02/28 8:44 p.m., 14 views

Spoofing

The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string...

CVSS 7.5, AI score 6.7, EPSS 0.01954
Exploits 0, References 17, Affected Software 1

UbuntuCve
added 2008/02/28 8:44 p.m., 30 views

CVE-2008-1066

The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string...

CVSS 7.5, AI score 5.9, EPSS 0.01954
Exploits 0, References 1

NVD
added 2008/02/28 8:44 p.m., 21 views

CVE-2008-1066

The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string...

CVSS 7.5, AI score 6.5, EPSS 0.01954
Exploits 0, References 17

CVE
added 2008/02/28 8:0 p.m., 64 views

CVE-2008-1066

The CVE-2008-1066 entry concerns Smarty (PHP template engine). The vulnerable component is the modifier.regex_replace.php plug‑in, which does not properly sanitize input related to the ASCII NUL character in a search string. This can allow a remote attacker to call arbitrary PHP functions via tem...

CVSS 7.5, AI score 6.3, EPSS 0.01954
Exploits 0, References 17, Affected Software 1

Cvelist
added 2008/02/28 8:0 p.m., 32 views

CVE-2008-1066

The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string...

AI score 6.3, EPSS 0.01954
Exploits 0, References 17

Tenable Nessus
added 2007/10/25 12:0 a.m., 22 views

GLSA-200710-21 : TikiWiki: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200710-21 TikiWiki: Arbitrary command execution ShAnKaR reported that input passed to the 'f' array parameter in tiki-graphformula.php is not properly verified before being used to execute PHP functions. Impact : An attacker could...

CVSS 7.5, AI score 6.1, EPSS 0.76661
Exploits 6, References 2

Debian
added 2006/04/08 1:33 p.m., 24 views

[SECURITY] [DSA 1030-1] New moodle packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1030-1 [email protected] http://www.debian.org/security/ Martin Schulze April 8th, 2006 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 8.1, EPSS 0.12941
Exploits 4

UbuntuCve
added 2006/01/09 11:3 p.m., 33 views

CVE-2006-0147

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP...

CVSS 7.5, AI score 6.2, EPSS 0.12773
Exploits 1, References 1

Prion
added 2006/01/09 11:3 p.m., 27 views

Design/Logic Flaw

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP...

CVSS 7.5, AI score 7.7, EPSS 0.12773
Exploits 1, References 30, Affected Software 5

NVD
added 2006/01/09 11:3 p.m., 15 views

CVE-2006-0147

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP...

CVSS 7.5, AI score 7.4, EPSS 0.12773
Exploits 1, References 30

OSV
added 2006/01/09 11:3 p.m., 6 views

CVE-2006-0147

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP...

AI score 7.4
Exploits 0, References 45