CVE-2016-5734

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

CVE-2016-5734

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

Unsafe handling of preg_replace parameters

PMASA-2016-27 Announcement-ID: PMASA-2016-27 Date: 2016-06-23 Summary Unsafe handling of pregreplace parameters Description In some versions of PHP, it's possible for an attacker to pass parameters to the pregreplace function which can allow the execution of arbitrary PHP code. This code is not...

cmseasy 存储xss+csrfgetshell

简要描述： 存储xss可打管理员，因为一个有趣的pregreplace函数特性造成getshell。 详细说明： 用官方的demo测试了一遍 官网shell地址：http://test.cmseasy.cn/celive/include/config.inc.php 流程： （1）在bbs发帖。 （2）管理员审核帖子时触发 （3）getshell？（可以用一个csrf getshell，但是此csrf需要登陆过celive，最好的方法就是打到cookie或者修改管理员的密码，然后自己登陆后台getshell） 存储xss位置： 在文件bbs/add-archive.php下...

CVE-2014-8998

lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the pregreplace function with the eval switch...

MantisBT XmlImportExport Plugin PHP Code Injection Exploit

This Metasploit module exploits a post-auth vulnerability found in MantisBT versions 1.2.0a3 up to 1.2.17 when the Import/Export plugin is installed. The vulnerable code exists on plugins/XmlImportExport/ImportXml.php, which receives user input through the "description" field and the "issuelink"...

MantisBT XmlImportExport Plugin PHP Code Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability', 'Description' = %q This module exploits a post-auth vulnerability...

X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'X7 Chat 2.0.5 lib/message.php pregreplace PHP Code Execution', 'Description' = %q This module exploits a post-auth vulnerability fou...

phpMyAdmin 3.5.8 and 4.0.0-RC2 - Multiple Vulnerabilities

No description provided by source. waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind waraxe Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html...

vBSEO <= 3.6.0 "proc_deutf()" Remote PHP Code Injection Exploit

No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient def initializeinfo = superupdateinfoinfo, 'Name' = 'vBSEO = 3.6.0 procdeutf Remote PHP Code Injection', 'Description' = %q This module exploits a vulnerability in...

PHPizabi 0.848b - C1 HFP1 Remote Privilege Escalation Vulnerability

No description provided by source. -------------------------------------------------------------------------------- PHPizabi v0.848b C1 HFP1 proc.inc.php remote privilege escalation php.ini independent by Nine:Situations:Group::bookoo...

DataLife Engine preview.php PHP Code Injection

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Active Collab "chat module" <= 2.3.8 - Remote PHP Code Injection Exploit

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Supernews <= 2.6.1 (noticias.php cat) SQL Injection

No description provided by source. Supernews = 2.6.1 noticias.php cat Remote SQL Injection Google Dork: intext:2003 - 2004 : SuperNews : Todos os direitos reservados Bug discovered by Pr0T3cT10n, [email protected] Date: 31/05/2012 Version: 2.6.1 Software Link:...

CVE-2013-5352

Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary PHP code via the 1 activitiestext parameter to services/activities/set or 2 commentstext parameter to services/comments/set, which is not properly handled when executing the pregreplace function with the e modifi...

CVE-2012-6554

functions/htmltotext.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the messagemessagetext parameter to chat/addmessag, which is not properly handled when executing the pregreplace function with the eval switch...

phpMyAdmin preg_replace from_prefix sanitization vulnerability

Added: 05/20/2013 CVE: CVE-2013-3238 BID: 59460 OSVDB: 92793 Background phpMyAdmin is a free software tool, written in PHP, designed to handle the administration of MySQL over the Web. Problem phpMyAdmin before 3.5.8.1 is vulnerable to code injection as a result of failure to sanitize input passe...

phpMyAdmin preg_replace from_prefix sanitization vulnerability

Added: 05/20/2013 CVE: CVE-2013-3238 BID: 59460 OSVDB: 92793 Background phpMyAdmin is a free software tool, written in PHP, designed to handle the administration of MySQL over the Web. Problem phpMyAdmin before 3.5.8.1 is vulnerable to code injection as a result of failure to sanitize input passe...

[waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin

waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html Description of vulnerable software:...

Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2013:160)

Updated phpmyadmin package fixes security vulnerabilities : In some PHP versions, the pregreplace\ function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expression, containing a null byte. phpMyAdmin does not correctly...