Security
Headlines
HeadlinesLatestCVEs

Tag

#php

Artica Proxy 4.40 Code Injection

Artica Proxy version 4.40 suffers from a code injection vulnerability that provides a reverse shell.

Packet Storm
#vulnerability#windows#google#php#buffer_overflow#auth#firefox
ABB Cylon Aspect 3.08.00 (dialupSwitch.php) Remote Code Execution

The ABB BMS/BAS controller suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'MODEM' HTTP POST parameter called by the dialupSwitch.php script.

ABB Cylon Aspect 3.07.02 (sshUpdate.php) Unauthenticated Remote SSH Service Control

The BMS/BAS controller suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper authentication, potentially enabling unauthorized access or stop and deny service access.

ABB Cylon Aspect 3.08.01 (persistenceManagerAjax.php) Directory Traversal

The BMS/BAS controller has a directory traversal vulnerability that can be exploited by an unauthenticated attacker to list the contents of arbitrary directories without reading file contents, leading to information disclosure of directory structures and filenames. This may expose sensitive system details, aiding in further attacks. The issue lies in the listFiles() function of the persistenceManagerAjax.php script, which calls PHP's readdir() function without proper input validation of the 'directory' POST parameter.

ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Directory Traversal

ABB Cylon Aspect version 3.08.01 has a directory traversal vulnerability that can be exploited by an unauthenticated attacker to list the contents of arbitrary directories without reading file contents, leading to information disclosure of directory structures and filenames. This may expose sensitive system details, aiding in further attacks. The issue lies in the listFiles() function of the persistenceManagerAjax.php script, which calls PHP's readdir() function without proper input validation of the directory POST parameter.

GHSA-f3cx-396f-7jqp: Livewire Remote Code Execution on File Uploads

In livewire/livewire `< v3.5.2`, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not validated. An attacker can therefore bypass the validation by uploading a file with a valid MIME type (e.g., `image/png`) and a “.php” file extension. If the following criteria are met, the attacker can carry out an RCE attack: - Filename is composed of the original file name using `$file->getClientOriginalName()` - Files stored directly on your server in a public storage disk - Webserver is configured to execute “.php” files ### PoC In the following scenario, an attacker could upload a file called `shell.php` with an `image/png` MIME type and execute it on the remote server. ```php class SomeComponent extends Component { use WithFileUploads; #[Validate('image|extensions:png')] public $file; public function save() { $this->validate(); $this->file->storeAs( path: 'i...

ABB Cylon Aspect 3.08.01 calendarFileDelete.php Arbitrary File Deletion

ABB Cylon Aspect version 3.08.01 suffers from an arbitrary file deletion vulnerability. Input passed to the file parameter in calendarFileDelete.php is not properly sanitized before being used to delete calendar files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using directory traversal sequences passed within the affected POST parameter.

PHP-Nuke Top Module SQL Injection

The Top module for PHP-Nuke versions 6.x and below 7.6 suffers from a remote SQL injection vulnerability.

ABB Cylon Aspect 3.08.01 (calendarFileDelete.php) Arbitrary File Deletion

The BMS/BAS controller suffers from an arbitrary file deletion vulnerability. Input passed to the 'file' parameter in calendarFileDelete.php is not properly sanitised before being used to delete calendar files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using directory traversal sequences passed within the affected POST parameter.

Large scale Google Ads campaign targets utility software

Malicious Google sponsored results disguised as software downloads lead to malware.