Ubuntu Security Notice 6757-2 - USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem. It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
9657a689d1e137641b5539b1d18e172041c6d3cba27fdc722c254145353f09b5SOPlanning version 1.52.00 suffers from a remote SQL injection vulnerability in projects.php.
e53b7e681658c99d38155029675c243627ca96d8d11916eba4a766fb4d6a4c69SOPlanning version 1.52.00 suffers from a cross site request forgery vulnerability in xajax_server.php.
a3c73b7d4acc8e32c7247c327692a33f62025c56af9edaa24b5dfff34103fc5aSOPlanning version 1.52.00 suffers from a cross site scripting vulnerability in groupe_save.php.
b3547a84c8cad40f1ad245d4773be05f04779afc966facea5aec1efac17e152dUbuntu Security Notice 6757-1 - It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to cookie by pass.
d148d55e0339c28ab206c4e04376d9c0144caabdf1c279dfc99b6ae169bc4172LRMS PHP version 1.0 suffers from remote shell upload and multiple remote SQL injection vulnerabilities.
cd29b75f4fc26669967838b2cacc350651afd70ebc41fa183a818a2044008a19Debian Linux Security Advisory 5661-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.
7c99b12b4316d40822aec03a738c08d2f71e83f8ccbfc93224b96903f3515868Debian Linux Security Advisory 5660-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.
0069a8ea5cc51d5ef3e22cd8bb63e827819ebc41dadb05af036e8a0cb29b90c5GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution.
87510b61a4bcdb0fdc6c31f4148617866220f4cd5cc391960946f28d1c611747Invision Community versions 4.7.16 and below suffer from a remote code execution vulnerability in toolbar.php.
79e57c6d95c397c23ce4c4203e72406e2900a93befed691fbc0ae540ed7a9cf4Invision Community versions 4.4.0 through 4.7.15 suffer from a remote SQL injection vulnerability in store.php.
f3e99d07ab1ab0d469a1a39ceb456ac6dc86fdcbd9071ad8690ce38ecca5a7ffDerbyNet version 9.0 suffers from a cross site scripting vulnerability in playlist.php.
33a3298bf5768c9f7a9fcd2deaa459729d65f2eb60c8601a0d2dd30561151395DerbyNet version 9.0 suffers from a cross site scripting vulnerability in racer-results.php.
e1f0ec83ec56b1d3ebff89be4223a47e4c6caea8be38185b375b827447078473DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo-thumbs.php.
e33a05805911bcd786fdff15a7d4ac31f136e43e12a0f9ec5b25c0db38d7fe3eDerbyNet version 9.0 suffers from a cross site scripting vulnerability in checkin.php.
8f9e6fd28f6cfe91749cb218425046ee910787a3a9fd05dafed94fca09da5a72DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo.php.
d7ac5458d2d0756d2d607450406a0027661faffb3740c59db51f83e2e7620fe8DerbyNet version 9.0 suffers from a cross site scripting vulnerability in render-document.php.
6ac6f7dc08e5aa36734a4a3929671a6b16c39f23cfa800f533b74b3aa6969051A remote code execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.
2d1220fa63bd54538247325712a8d4f836dcc60733d8cebe63cd721eb6755ba9Ubuntu Security Notice 6720-1 - Kentaro Kawane discovered that Cacti incorrectly handled user provided input sent through request parameters to the graph_view.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks.
72a1060cc659927cdff0d3fabd91138203688e06b807e728473d37ed3e99a9d3Online Hotel Booking in PHP version 1.0 suffers from a remote blind SQL injection vulnerability.
dba5f6da9bbb1db4830270fe91b72c0f36ec37923f4911d24100811a4c3c40dbLMS PHP version 1.0 suffers from a remote SQL injection vulnerability.
049c8de17cf497bf303930585481eadeb964f519906d25f2f09f96d1d4f41c47This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval() function usage within the theme. Successful exploitation allows for full control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.
5a32fb78bdb52593a7f339d7321ec50570d8dc8998da3f4da0c0eaf663f73ac5A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.
769d2d7e8f18e8bd0ce142472f159825e87239bfc4426229f241a00de99425a0Insurance Management System PHP and MySQL version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
57a616cd0cf4b87402d807007a9cc4baf3849c77c283470d324acd935adbc001Debian Linux Security Advisory 5642-1 - Three security issues were discovered in php-svg-lib, a PHP library to read, parse and export to PDF SVG files, which could result in denial of service, restriction bypass or the execution of arbitrary code.
5e13068f973fafd73dbd6db137d7088337677e0ff95c185b8076cc2a7f0f192f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed