This vulnerability allows remote attackers to execute arbitrary PHP code on the vulnerable server. The vulnerability is caused by the "lib_action_step.php" script not properly sanitizing user input supplied to the "GLOBALS[CLASS_PATH]" variable. This can be exploited to include arbitrary files from remote hosts and execute arbitrary PHP code.
Easy-Content Forums 1.0 is vulnerable to multiple SQL injection and XSS attacks. The userview.asp and topics.asp files are vulnerable to both SQL injection and XSS due to lack of input filtering. An example of an XSS attack is http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E which will display an alert box with the letter X.
Log in before injection. http://target/[path]/member.asp?uName='union%20select%200,0,0,username,0,0,pd,email,0,0,0,0,0,0,0,0,0,0,0,0%20from%20member
tiffsplit from libtiff is vulnerable to a bss-based and a stack-based buffer overflow. Proof-of-concept code is available for the stack-based buffer overflow. The .bss section is at higher addresses than the .dtors section, so it is not possible to hijack .dtors.
Xi Wang discovered that mod_auth for the Lighttpd server does not properly decode characters from the extended ASCII table. This vulnerability may lead to an out-of-bounds read and theoretically cause a Segmentation Fault (Denial of Service attack).
It is possible to log in as administrator with admin'-- as username and password. You can then go to the admin profile to look at the password, which is in plaintext in the HTML.
DedeCMS is vulnerable to SQL injection in the 'id' parameter of the 'list.php', 'members.php' and 'book.php' files. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
Reaver is a tool to exploit a security hole in wireless routers that use WPS (Wi-Fi Protected Setup). It is designed to brute-force the PIN in order to recover the WPA/WPA2 passphrase. It is possible to use Reaver to attack access points from Linksys, Cisco, D-Link, TP-Link, Trendnet, and others.
There is no sanitization of the input to the name variable. This allows malicious scripts to be added. This is a stored XSS.
The variables $start, $year, $month are not filtered in the files /modules/blog/tags.php, list.php, index.php, main_index.php, viewpost.php, /modules/blog/archive.php, /modules/blog/control/approve_comments.php, approve_posts.php, viewcat.php, which can be exploited to inject malicious SQL queries.