A remote file include vulnerability exists in Emergenices Personnel Information System (Empris) version v.20020923 and prior. An attacker can exploit this vulnerability to include arbitrary files from remote locations by sending a specially crafted HTTP request containing directory traversal sequences and a malicious file name. This can lead to arbitrary code execution on the vulnerable system.
A remote file include vulnerability exists in Enterprise TimeSheet and Payroll (EPS) version 1.1 and prior. An attacker can exploit this vulnerability to include arbitrary files from remote locations by sending a specially crafted HTTP request containing directory traversal characters. This can be exploited to execute arbitrary PHP code on the vulnerable system.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'spaw_root' parameter of 'td.php' and 'img.php' scripts. A remote attacker can execute arbitrary PHP code on the vulnerable system by passing it via the 'spaw_root' parameter in a specially crafted HTTP request.
Back-end have a default path pre-set on jpcache.php, and cracker can execute a remote command.
A remote file include vulnerability exists in Xtreme/Ditto News versions <= v.1.0. An attacker can exploit this vulnerability to include arbitrary files from remote locations by sending a specially crafted HTTP request containing directory traversal sequences and a malicious file name. This can be exploited to execute arbitrary PHP code on the vulnerable system.
This exploit is a proof of concept for a remote code execution vulnerability in QBik Wingate version 6.1.1.1077. The exploit uses a buffer overflow to overwrite the return address of the stack and execute malicious code. The malicious code is encoded using the PexAlphaNum encoder.
DreamAccount version 3.1 and prior are prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process.
An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. The application then includes the malicious file, allowing the attacker to execute arbitrary code on the server.
Particle wiki version 1.0.2 and prior are vulnerable to a remote SQL injection attack. An attacker can exploit this vulnerability to extract usernames and passwords (in hash form) from the database. The exploit involves sending a specially crafted HTTP request to the vulnerable application. The request contains a malicious SQL query that when executed, will return the username and password of all users in the database.
This exploit allows an attacker to execute arbitrary code on a vulnerable SCart 2.0 server. The vulnerability is due to an input validation error in the 'scart.cgi' script, which allows an attacker to inject arbitrary commands into the 'page' parameter. This exploit was discovered and published by K-159 in 2006.
Services By CQR