The Shop Script Pro 2.12 application is vulnerable to SQL injection. The vulnerability exists in the 'index.php' file at line 101, where the '$current_currency' variable is set from the unfiltered value of the '$_SESSION["current_currency"]' variable. An attacker can exploit this vulnerability to upload a malicious shell script by sending a POST request with a SQL injection payload. This allows the attacker to execute arbitrary code on the server.
This is an exploit for the Linux pam_lib_smb version < 1.1.6 in /bin/login. The exploit allows for remote execution of arbitrary code with root privileges. The exploit requires adding a line to the /etc/pam.d/login file and configuring the /etc/pam_smb.conf file correctly.
SAP GUI for Windows version 6.4 contains an ActiveX component called SAPIrRfc which is vulnerable to a buffer overflow attack. An attacker can construct an HTML page that calls the vulnerable function 'Accept' from the ActiveX Object SAPIrRfc with a long parameter. When a user opens this page, it can lead to a denial of service (DoS) or full remote control of the target system. An example of a DoS attack is provided in the advisory.
Unknown
This script uses a vulnerability in the autologinid variable to give a user on a vulnerable forum administrator rights. The user needs to be registered before using this exploit.
No detailed description provided.
This exploit takes advantage of a blind SQL injection vulnerability in Kjtechforce mailman Beta-1. By injecting specially crafted SQL queries, an attacker can manipulate the database and extract sensitive information.
This exploit targets PHPDev 5, a PHP/Apache/MySQL server. The PoC sample code uses the system function to execute a command specified in the $Ali7 variable.
The web interface password and admin email are stored in clear text in the HTML code of the form. This can allow an attacker to easily obtain these credentials.
The Omilen Photo Gallery Beta 0.5 script is vulnerable to a Local File Inclusion (LFI) attack. An attacker can exploit this vulnerability by manipulating the 'controller' parameter in the 'index.php?option=com_omphotogallery' URL, allowing them to include arbitrary files from the server.