
56 matches found

0day.today
added 2018/12/15 12:0 a.m. | 30 views

Double Your Bitcoin Script Automatic - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Double Your Bitcoin Script Automatic 2018 for $50 - Authentication Bypass Exploit Author: Veyselxan Vendor Homepage: https://codeclerks.com/php-programming/1007/Double-Your-Bitcoin-Script-Automatic-2018 Version: v1 REQUIRED Test...

AI score: 7.1
Exploits: 0
exploitpack
added 2018/12/14 12:0 a.m. | 17 views

Double Your Bitcoin Script Automatic - Authentication Bypass

Double Your Bitcoin Script Automatic - Authentication Bypass Exploit Title: Double Your Bitcoin Script Automatic 2018 for $50 - Authentication Bypass Date: 2018-12-08 Exploit Author: Veyselxan Vendor Homepage: https://codeclerks.com/php-programming/1007/Double-Your-Bitcoin-Script-Automatic-2018...

AI score: 0.4
Exploits: 0
Debian
added 2018/11/23 9:41 a.m. | 211 views

[SECURITY] [DLA 1591-1] libphp-phpmailer security update

Package: libphp-phpmailer Version: 5.2.9+dfsg-2+deb8u4 CVE IDs: CVE-2017-5223 CVE-2018-19296 It was discovered that there were two vulnerabilities in libphp-phpmailer, an email library for the PHP programming language: CVE-2017-5223: Local file disclosure vulnerability via relative path HTML...

CVSS: 8.8 | AI score: 8 | EPSS: 0.02922
Exploits: 6
The Hacker News
added 2018/08/17 9:26 a.m. | 124 views

New PHP Code Execution Attack Puts WordPress Sites at Risk

Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in the PHP programming language using functions previously considered low-risk. The new technique leaves hundreds of...

AI score: 0.7
Exploits: 0
Packet Storm
added 2016/10/09 12:0 a.m. | 28 views

Phire CMS 2.0.0 Cross Site Scripting

Title Phire CMS HTTP Request POST /phirecms/phire/config HTTP/1.1 Headers: ... Post Data: datetimeformat=&datetimeformatcustom=%22%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E&pagination=25&systemtheme=default&submit=Save HTTP Response...

AI score: 0.1
Exploits: 0
CNVD
added 2015/06/23 12:0 a.m. | 2 views

PHP libmagick 'libmagic/softmagic.c' denial of service vulnerability (CNVD-2015-03966)

PHP is a general-purpose scripting language. A security vulnerability in the PHP Fileinfo extension when handling constructed files allows remote attackers to exploit the vulnerability to crash the PHP process, resulting in a denial of service...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.09106
Exploits: 1 | References: 1
RedHat Linux
added 2014/10/30 7:45 p.m. | 1 views

php: heap-based buffer overflow in DNS TXT record parsing

A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query...

CVSS: 5.1 | AI score: 7.2 | EPSS: 0.30666
Exploits: 0 | References: 4
seebug.org
added 2012/02/04 12:0 a.m. | 61 views

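PHP 5.3.x libxslt Security Restriction Bypass Vulnerability

BUGTRAQ ID: 51806 CVE ID: CVE-2012-0057 PHP is a scripting language that runs on computers, used mainly for handling dynamic web pages; it includes a command-line interface and can produce graphical user interface programs. PHP has a vulnerability in its libxslt security settings that allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. 0 PHP 5.3.x Vendor patch: PHP --- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's homepage: http://www.php.net...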

CVSS: 6.4 | AI score: 0.1 | EPSS: 0.0159
Exploits: 2
Packet Storm
added 2009/05/08 12:0 a.m. | 32 views

ST-Gallery 0.1a SQL Injection

WEB: http://blog.sebastian-thiele.net/projekte/gallery/ DOWNLOAD: http://sourceforge.net/projects/st-gallery/ ...

Exploits: 0
securityvulns
added 2009/05/07 12:0 a.m. | 45 views

SQL INJECTION VULNERABILITIES--ST-Gallery version 0.1 alpha-->

SQL INJECTION VULNERABILITIES--ST-Gallery version 0.1 alpha-- CMS INFORMATION: --WEB: http://blog.sebastian-thiele.net/projekte/gallery/ --DOWNLOAD:...

AI score: 0.2
Exploits: 0
Packet Storm
added 2008/05/08 12:0 a.m. | 14 views

galleristic-sql.txt

/', $request$i, $response; if!empty$response1 return $response1 . ''; Usage : Run in a browser as : http://yourbox/exploit.php?target=http://targetbox/path/ ifempty$GET'target' die'No target site specified!'; else for$c = 1; $c...

AI score: 7.4
Exploits: 0
RedHat Linux
added 2007/02/26 9:49 a.m. | 1 views

security flaw

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name befo...

CVSS: 5 | AI score: 5.8 | EPSS: 0.16535
Exploits: 0 | References: 4
seebug.org
added 2006/12/16 12:0 a.m. | 47 views

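Timesheet Login.PHP SQL Injection Vulnerability

Timesheet is a PHP-based web diary program. Timesheet does not properly filter user-submitted URI data, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Login.PHP' script lacks filtering of user-submitted web parameters; submitting a malicious SQL query as parameter data can alter the original SQL logic and obtain sensitive information. Timesheet PHP Timesheet 1.2.1 http://www.timesheetphp.com/...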

AI score: 7.1
Exploits: 0
securityvulns
added 2005/01/09 12:0 a.m. | 31 views

[NEWS] PRADO 'page' Parameter Allows Code Execution

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

AI score: 1.5
Exploits: 0
securityvulns
added 2004/11/19 12:0 a.m. | 31 views

AppServ 2.5.x and Prior Exploit

what AppServ: AppServ is the Apache/PHP/MySQL open source software installer packages. Objective : - Easy to build Webserver and Database Server - For those who just beginning client/server programming. - For web programmers/developers using PHP & MySQL. - For programming techniques that...

AI score: 7.3
Exploits: 0
exploitpack
added 2004/03/21 12:0 a.m. | 29 views

Invision Gallery 1.0.1 - SQL Injection

Invision Gallery 1.0.1 - SQL Injection Invision Power Top Site List SQL Injection Vendor: Invision Power Services Product: Invision Power Top Site List Version: = 1.1 RC 2 Website: http://www.invisiontsl.com/ BID: 9945 Description: Invision Power Top Site List is a flexible site ranking script...

CVSS: 7.5 | AI score: 0.6 | EPSS: 0.00948
Exploits: 4