The $domain variable is not sanitized. When register_globals=on, an attacker can exploit this vulnerability with a simple PHP injection script.
This exploit allows an attacker to execute arbitrary commands on a vulnerable VerliAdmin version 0.3. The vulnerability exists in the 'language.php' file, where the 'lang' cookie is not properly sanitized before being used in an 'Include' statement. By manipulating the 'lang' cookie, an attacker can include arbitrary files and execute commands on the server.
The vulnerability exists in the include/ directory of the phpXD script. It is caused by the insecure usage of the require() function to include PHP files. An attacker can exploit this vulnerability by providing malicious code in the 'path' parameter of the affected PHP files, which can lead to remote code execution.
ZeusCMS version 0.3 and earlier is vulnerable to blind SQL injection. The vulnerability allows an attacker to inject SQL code through the HTTP Referer header, which is not properly checked.
syzygyCMS 0.3 has a Local File Inclusion vulnerability. An attacker can exploit this vulnerability by manipulating the 'page' parameter in the URL to include arbitrary files from the server.
A remote denial-of-service vulnerability affects the DB Hub application because of a memory-corruption flaw when the application attempts to process specially crafted network traffic. An attacker may exploit this issue to crash affected applications, denying service to legitimate users.
Quick.Cms.Lite is vulnerable to remote code execution due to the use of register_globals=On. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. This will allow the attacker to execute arbitrary code on the server.
This exploit works on tinyBB <= 0.3. It includes a Remote File Include vulnerability, a Local File Include vulnerability, and a SQL injection vulnerability. The Remote File Include vulnerability allows an attacker to include a remote file on the vulnerable server. The Local File Include vulnerability allows an attacker to include a local file on the vulnerable server. The SQL injection vulnerability allows an attacker to inject malicious SQL code into the vulnerable server.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'img_header_id' parameter of the 'oqey_settings.php' script. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the application's database, cause denial of service or access sensitive data.
A vulnerability in class.upload.php version 0.30 allows an attacker to upload a malicious file to the server. The attacker can then access the file via a web browser.