This paper describes a vulnerability in several implementations of the Secure Hash Algorithm 3 (SHA-3) that have been released by its designers. The vulnerability has been present since the final-round update of Keccak was submitted to the National Institute of Standards and Technology (NIST) SHA-3 hash function competition in January 2011, and is present in the eXtended Keccak Code Package (XKCP) of the Keccak team. It affects all software projects that have integrated this code, such as the scripting languages Python and PHP Hypertext Preprocessor (PHP). The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (without any restrictions on values to be XORed and even far beyond the location of the original buffer), thereby making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective.
e5ce94c802fc96b96a37593074295283819a7abf859a04a1c1cbfcdb566dcdb1Ubuntu Security Notice 5905-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise data integrity. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
568ea4cc2d068c625914a2aca31e396f31df3ead8417e7cc93c9f33b2b47b9acUbuntu Security Notice 5902-1 - It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations. It was discovered that PHP incorrectly handled resolving long paths. A remote attacker could possibly use this issue to obtain or modify sensitive information. It was discovered that PHP incorrectly handled a large number of parts in HTTP form uploads. A remote attacker could possibly use this issue to cause PHP to consume resources, leading to a denial of service.
d6874c5afe37c2500fc7824d66b24af765e7c0d843c7aa5688092c11c7e428feOsprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the eventFileSelected HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts.
db0ca77f3b6262f047a41f704f1fbcabf469fa7d9140d8fddf64e48fc5dc7ab1Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the userName HTTP POST parameter called by index.php script.
36296eda1780ae0ac70f0164496b08fb374f20a8169546a905c771704b399ab9Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP POST parameter called by index.php script.
54e985965675a39585d65ec988986982607117a47b0151caf9326c6cb4e834f8Red Hat Security Advisory 2023-0965-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and integer overflow vulnerabilities.
21cc7adcd44f74a7b7d1f07e645c25db715969dc71fb46ce643d346bc354f014Debian Linux Security Advisory 5363-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service or incorrect validation of BCrypt hashes.
7ae7c33c3e28b6f24a8453dc72dcd9277d8782ff1546367e81b1eee017a28724Red Hat Security Advisory 2023-0848-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and integer overflow vulnerabilities.
d6a1d2c70e7aeefb58c3d6f8d3e365857d79e83f3ce23dcb4126b0c9c7790543Ubuntu Security Notice 5818-1 - It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
5e3f991b525cb556d7f98923b6dc146a9a8e1bee769113d7ded701c12dd365aaPHP Hazir Haber Sitesi Scripti version 3 suffers from a remote SQL injection vulnerability.
a4e42a51639e0e659d8154ab6fba242013474c26b51d42f601449cdabf720418Tiki Wiki CMS Groupware versions 24.1 and below suffer from a PHP object injection vulnerability in tikiimporter_blog_wordpress.php.
1b6698ff49dd75e5444eb0fdffd03d9806fd9c813b8e9255172cc30fc8eee07cTiki Wiki CMS Groupware versions 24.0 and below suffers from a PHP object injection vulnerability in grid.php.
2ec6d4c5f2c778a5cba091671d5430e465c12ac9843c5cd81c7a60ef025d78c5Tiki Wiki CMS Groupware versions 24.0 and below suffer from a PHP code injection vulnerability in structlib.php.
78cc87727c56dfa65396d9be9770b8f57ca776f333384898c9697700f5975390This Metasploit module exploits a command injection vulnerability in the Linear eMerge E3-Series Access Controller. The Linear eMerge E3 versions 1.00-06 and below are vulnerable to unauthenticated command injection in card_scan_decoder.php via the No and door HTTP GET parameter. Successful exploitation results in command execution as the root user.
1fd51575a69b265ae06a105677705b12fb58d93fd9bd59aaebb488726841bfeeSOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a conditional command injection vulnerability in traceroute.php.
493fb94bb96a88e40abd33e5eccebbff52f80b0de903d6bad482c12681edc5d7SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x and below suffer from a conditional command injection vulnerability in ping.php.
ade832b5db9e3a83e1ab939037cf7ceb6613442fdf7944335ad9f3f638d97f84SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x and below suffer from a conditional command injection vulnerability in dns.php.
29a3f77080209e96ce853753006ab37df305d0ac4c6d034a7504f2376215c2baSOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below allow an unauthenticated attacker to send network signals to an arbitrary target host that can be abused in an ICMP flooding attack. This includes the utilization of the ping, traceroute and nslookup commands through ping.php, traceroute.php and dns.php respectively.
81c669280d4737e923eb0b0a5259214bbdd51f21c8109143eeadbef36025d06cSpitfire CMS version 1.0.475 is prone to a PHP object injection vulnerability due to the unsafe use of unserialize() function. A potential attacker, authenticated, could exploit this vulnerability by sending specially crafted requests to the web application containing malicious serialized input.
3c6793041f6ef605d3f154b6af494fe31faa2d9c2220beafffe81f474b92710dvBulletin versions 5.5.2 and below suffers from an issue where user input passed through the "messageids" request parameter to /ajax/api/vb4_private/movepm is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope, allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.
642eb80065f04eaf2d94765043c9d033ac86f7e4e3dda966ce90660dd7167e15This Metasploit module exploits the logic in the CartView.php page when crafting a draft email with an attachment. By uploading an attachment for a draft email, the attachment will be placed in the /tmp_attach/ folder of the ChurchInfo web server, which is accessible over the web by any user. By uploading a PHP attachment and then browsing to the location of the uploaded PHP file on the web server, arbitrary code execution as the web daemon user (e.g. www-data) can be achieved.
d722a625744f0e9dc54c97184f41f3a6b314c7e49874af507dfdc2295535278eGentoo Linux Security Advisory 202211-3 - Multiple vulnerabilities have been found in PHP, the worst of which could result in arbitrary code execution. Versions less than 7.4.33:7.4 are affected.
9a1678e24b2e3feff0e005708de8cc73ed15cb45dc823e4705b0397f6d11473cWordPress BeTheme theme version 26.5.1.4 suffers from multiple PHP object injection vulnerabilities when processing input.
796d230d939138bf65ab0ead41b12275e53550798cf863b9b6609b758208dec5Revenue Collection System version 1.0 suffers from an unauthenticated SQL injection vulnerability in step1.php that allows remote attackers to write a malicious PHP file to disk. The resulting file can then be accessed within the /rates/admin/DBbackup directory. This script will write the malicious PHP file to disk, issue a user-defined command, then retrieve the result of that command.
b41c4f6c71ea1156cfd52b2bd3c354cdb2fc0372d5b22d463c64b50c55b777c0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed