CVE-2016-10799

cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation SEC-137...

EUVD-2016-1793

Malware in sbrugna...

CVE-2011-3805

TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/language/zh/registerinfo.php and certain other files...

GHSA-82RV-45PC-V28W eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities

This security advisory fixes 4 separate vulnerabilities in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy by itself or via the LegacyBridge. First, it increases the randomness, and thus the security, of the pseudo-random bytes used to generate ...

Bucky - An Automatic S3 Bucket Discovery Tool

Bucky is an automatic tool designed to discover S3 bucket misconfiguration, Bucky consists up of two modules Bucky firefox addon and Bucky backend engine. Bucky addon reads the source code of the webpages and uses Regular ExpressionRegex to match the S3 bucket used as Content Delivery NetworkCDN...

Design/Logic Flaw

cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation SEC-137...

Wpbullet - A Static Code Analysis For WordPress (And PHP)

A static code analysis for WordPress Plugins/Themes and PHP Installation Simply clone the repository, install requirements and run the script $ git clone https://github.com/webarx-security/wpbullet wpbullet $ cd wpbullet $ pip install -r requirements.txt $ python wpbullet.py Usage Available...

PHPinfo Information Disclosure

Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo' for debugging purposes, and various PHP applications may also include such a file by default. By accessing it, a remote attacker can discover a large amount of information about the remote...

Sendroid Bulk SMS Portal / Marketing Script 6.5.0 SQL Injection

Exploit Title: Sendroid - Bulk SMS Portal, Marketing Script 5.0.0 - 6.5.0 - SQL Injection Google Dork: "welcome to SMS portal" Date: 22/12/2017 Exploit Author: Onwuka Gideon Contact: http://twitter.com/@gideononwuka Vendor Homepage: http://ynetinteractive.com/ Software Buy:...

CVE-2016-6633

An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are...

Theory PHP Common Vulnerabilities first bomb: installation problems-vulnerability warning-the black bar safety net

First get a copy of the source code, certainly is the first install, and the installation file will often appear problem. Generally the installation file after the installation is complete, basically not automatically delete the install file, I encountered will be automatically deleted if it...

Zeuscart Multiple Vulnerabilities

Zeuscart is vulnerable to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zeuscart:zeuscart"; if...

Zeuscart 4.0 - Multiple Vulnerabilities

Zeuscart 4.0 - Multiple Vulnerabilities Advisory: Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities in Zeuscart v.4 Advisory ID: SROEADV-2015-12 Author: Steffen Rösemann Affected Software: Zeuscart v.4 Vendor URL: http://zeuscart.com/ Vendor Status: pending CVE-ID: will ask...

Zeuscart 4.0 - Multiple Vulnerabilities

Advisory: Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities in Zeuscart v.4 Advisory ID: SROEADV-2015-12 Author: Steffen Rösemann Affected Software: Zeuscart v.4 Vendor URL: http://zeuscart.com/ Vendor Status: pending CVE-ID: will asked to be assigned after release on...

Apache PHP-CGI Remote Code Execution

The PHP installation on the remote web server contains a flaw that could allow a remote attacker to pass command-line arguments as part of a query string to the PHP-CGI program. This could be abused to execute arbitrary code, reveal PHP source code, cause a system crash, etc. %NASLMINLEVEL 70300 ...

CVE-2012-5381

Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP directory, which may be added to the PATH system environment variable by an...

CVE-2012-5381

Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP directory, which may be added to the PATH system environment variable by an...

CVE-2012-5381

Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP directory, which may be added to the PATH system environment variable by an...

XSS on plausible insecure PHP installation

PMASA-2008-4 Announcement-ID: PMASA-2008-4 Date: 2008-06-23 Summary XSS on plausible insecure PHP installation Description We received an advisory from Tim Starling Wikimedia, and we wish to thank him for his work. Some scripts in the /libraries directory were vulnerable to XSS. Severity We...

CVE-2007-1888

Buffer overflow in the sqlitedecodebinary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite...