PHP CGI Argument Injection

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'PHP CGI Argument Injection',...

PHP CGI Injection

Exploit Title: Cve-2012-1823 PHP CGI Argument Injection Exploit Date: May 4, 2012 Author: rayh4c0x4080sec0x2ecom Exploit Discovered by wofeiwo0x4080sec0x2ecom import socket import sys def cgiexploit: pwncode = """""" postLength = lenpwncode httpraw="""POST...

Un-Patched PHP-CGI remote code execution vulnerability can expose Source Codes

Un-Patched PHP-CGI remote code execution bug can expose Source Codes A serious remote code execution vulnerability in PHP-CGI disclosed. PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. The developers were still in the process of building the patch...

Serious Remote PHP Bug Accidentally Disclosed

A serious remote-code execution vulnerability in PHP was accidentally disclosed Wednesday, leading to fears of an outbreak of attacks on sites that were built using vulnerable versions of PHP. The bug has been known privately since January when a team of researchers used it in a capture the flag...

Fedora Update for cherokee FEDORA-2011-14622

Check for the Version of cherokee OpenVAS Vulnerability Test Fedora Update for cherokee FEDORA-2011-14622 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Fedora Update for cherokee FEDORA-2011-12687

Check for the Version of cherokee OpenVAS Vulnerability Test Fedora Update for cherokee FEDORA-2011-12687 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Vulnerabilities in TYPO3 Core

It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, Authentication Bypass for frontend users and Information Disclosure. Component Type: TYPO3 Core Affected Versions: 4.2.11 and below, 4.3.1 and below Vulnerability Types: Authentication Bypass, Cross-Site Scripting XSS,...

Mandrake Security Advisory MDVSA-2009:285 (php)

The remote host is missing an update to php announced via advisory MDVSA-2009:285. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...

Mandrake Security Advisory MDVSA-2009:246 (php)

The remote host is missing an update to php announced via advisory MDVSA-2009:246. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...

Mandrake Security Advisory MDVSA-2009:167 (php)

The remote host is missing an update to php announced via advisory MDVSA-2009:167. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...

Mandrake Security Advisory MDVSA-2009:145 (php)

The remote host is missing an update to php announced via advisory MDVSA-2009:145. OpenVAS Vulnerability Test $Id: mdksa2009145.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:145 php Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Mandrake Security Advisory MDVSA-2009:145 (php)

The remote host is missing an update to php announced via advisory MDVSA-2009:145. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...

Mandrake Security Advisory MDVSA-2009:090 (php)

The remote host is missing an update to php announced via advisory MDVSA-2009:090. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...

Mandriva Update for php MDVSA-2008:127 (php)

Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDVSA-2008:127 php Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

Mandriva Update for php MDVSA-2008:128 (php)

Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDVSA-2008:128 php Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

Mandriva Update for php MDVSA-2008:127 (php)

Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDVSA-2008:127 php Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

Gentoo Security Advisory GLSA 200509-19 (PHP)

The remote host is missing updates announced in advisory GLSA 200509-19. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 200407-13 (PHP)

The remote host is missing updates announced in advisory GLSA 200407-13. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200504-15 (PHP)

The remote host is missing updates announced in advisory GLSA 200504-15. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] php for Slackware 11.0 reissued

The security/bug fix update for Slackware 11.0 has been reissued to fix a zero-length /usr/bin/php-cgi. Thanks to TJ Munro for pointing this out. Sorry for any inconvenience. Here are the details from the Slackware 11.0 ChangeLog: extra/php5/php-5.2.5-i486-2slack11.0.tgz: The security/bug fix...