This exploit causes a denial of service in PHP 5.0.0 when the xmldocfile() function is passed a string of 9999 'A's. This exploit was tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0 and was discovered by Yakir Wizman.
This exploit causes a denial of service in PHP 5.0.0 when the simplexml_load_file() function is passed a string of 9999 'A's. This exploit was tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0 and was discovered by Yakir Wizman.
An unauthenticated attacker can send a specially crafted HTTP GET request to the vulnerable router to disclose arbitrary files from the router's file system. The vulnerable router is GPN2.4P21-C-CN with firmware version W2001EN-00, manufactured by ChinaMobile. The attack has been tested on Ubuntu Linux.
A Local Denial of Service vulnerability was discovered in PHP 7.0 when cloning an object. This vulnerability occurs when an object is cloned and the __clone() method is defined, which causes an infinite loop. This can be exploited to cause a denial of service condition.
This exploit causes a denial of service in PHP 5.0.0 when the domxml_open_file() function is passed a string of 9999 'A' characters. This exploit was tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0. The bug was discovered by Yakir Wizman.
HelpDeskZ <= v1.0.2 suffers from an unauthenticated shell upload vulnerability. The software in the default configuration allows upload of .php files (!!). I think the developers thought it was no risk, because the filenames get obfuscated when they are uploaded. However, there is a weakness in the rename function of the uploaded file, in https://github.com/evolutionscript/HelpDeskZ-1.0/tree/006662bb856e126a38f2bb76df44a2e4e3d37350/controllers/submit_ticket_controller.php, line 141: $filename = md5($_FILES['attachment']['name'].time()).".".$ext; So by guessing the time the file was uploaded, we can get RCE. Steps to reproduce: http://localhost/helpdeskz/?v=submit_ticket&action=displayForm Enter anything in the mandatory fields, attach your phpshell.php, solve the captcha and submit your ticket. Call this script with the base URL of your HelpDeskZ installation and the name of the file you uploaded: exploit.py http://localhost/helpdeskz/ phpshell.php
FreePBX is a web-based open source GUI (graphical user interface) that controls and manages Asterisk (PBX). It suffers from an authenticated remote code execution vulnerability due to the lack of sanitization of the $url parameter before it is passed to the 'exec' function. This can be exploited by an authenticated attacker to execute arbitrary code on the vulnerable system.
CYSTEME Finder is an admin file manager plugin for WordPress that fails to check cookie data in the request to http://server/wp-content/plugins/cysteme-finder/php/connector.php. This allows attackers to upload, download, and browse the remote file system. Simply replacing wphome with any other directory path will allow attackers to access the directory.
'send_message.php' does not check the CSRF token or the Referer header, so a CSRF attack is possible. The page also reflects its URL in the response, and it is vulnerable because the reflected URL is not filtered.
SimplePHPQuiz is vulnerable to Blind SQL Injection. Attackers can exploit this vulnerability by sending malicious payloads to the vulnerable parameters such as 'correct_answer', 'question', 'wrong_answer1', 'wrong_answer2', and 'wrong_answer3'. By sending a malicious payload, attackers can gain access to the database and extract sensitive information.