This exploit allows an attacker to execute arbitrary code on the vulnerable server by including a malicious file via a vulnerable script. The vulnerable script is phppc 1.03 RC1, which is vulnerable to a Remote File Include vulnerability. The exploit was discovered by The-wolf-ksa (wolf) and was released by the wolf TEAM.
Freenews v1.1 is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable parameter 'chemin' in 'moteur.php' script. This can allow the attacker to execute arbitrary code on the vulnerable system.
4images 1.7.x is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information such as user passwords stored in the database.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'phpbb_root_path' parameter to '/includes/functions_num_image.php' script. This can be exploited to include arbitrary files from remote Web servers and execute arbitrary PHP code.
Adobe Acrobat/Acrobat Reader is reported prone to a remote format string vulnerability. The vulnerability is present in the ETD file parser when processing tag values. Reports indicate that the values supplied for certain tags are used as the format string in an unspecified formatted output function. Because an attacker can control the format string and the variables passed to the formatted output function, this vulnerability may be exploited to write to arbitrary locations within the memory of the process.
This exploit is used to gain access to the admin login and password of the Pierre Lemaitre - St Lô (France) - Ver 2.0 Cahier de textes application. It uses an SQL injection vulnerability to send malicious data to the application and extract the admin credentials from the response.
It is reported that PhpGedView is susceptible to a remote SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to including it in an SQL query. This issue allows remote attackers to manipulate query logic. The issue could theoretically be exploited to compromise the software by performing unauthorized actions on the database, such as modifying or viewing data. SQL injection attacks may also be used to exploit latent vulnerabilities in the underlying database.
A buffer overflow vulnerability exists in SHTTPD 1.34 WinXP SP1 Hebrew. An attacker can exploit this vulnerability to execute arbitrary code by sending a specially crafted POST request to the vulnerable server. This can be exploited to gain remote code execution.
F-Secure Policy Manager includes a CGI application named 'fsmsh.dll'. By supplying unexpected input as an argument to the 'fsmsh.dll' application, the vulnerable software will return an error message that includes the installation path of the software.
Microsoft Internet Explorer is prone to a vulnerability that may allow a remote site to detect files on the local computer. A remote attacker can exploit this issue through the ''sysimage://' protocol handler to detect the existence of a file on the local computer of the Web client viewing a malicious page. This could lead to a disclosure of sensitive information to remote attackers.
Services By CQR