Explore all Exploits:

Shimbi CMS Vulnerable to Multiple SQL Injections

Shimbi CMS is vulnerable to multiple SQL injections. An attacker can inject a malicious SQL query through a parameter of each of three scripts: details.php, faq_details.php, and blog/addComment.php.

CMS Lokomedia 1.5 Arbitrary file upload vulnerability

CMS Lokomedia is vulnerable to an arbitrary file upload vulnerability. An attacker can upload malicious files to the server, which can be used to gain access to the server. The vulnerability exists in the 'tinymcpuk/filemanager/browser.html' page, which allows an attacker to upload files to the server. The uploaded files are stored in the 'lokomedia/tinymcpuk/gambar' directory. The vulnerability can be exploited by sending a specially crafted HTTP request to the vulnerable page.

Exploit Buffer Overflow Msplayer(SEH)

This exploit targets a buffer overflow vulnerability in the MPlayer Lite 33064 software. The overflow is triggered when a maliciously crafted .m3u file is opened; the file contains a long string of characters that overwrites the SEH handler. This allows an attacker to execute arbitrary code on the vulnerable system.

Mediacoder 2011 RC3 0-days Exploit

This exploit targets a buffer overflow vulnerability in Mediacoder 2011 RC3. It allows an attacker to execute arbitrary code on the vulnerable system by sending a specially crafted malicious file. The malicious file contains a 256-byte junk string followed by the address of the stack pointer, 25 NOPs and a shellcode that binds a shell at port 5555.

CMS Balitbang v.3.3 Arbitrary file upload vulnerability

CMS Balitbang is a content management system for educational websites. It uses an old version of FCKeditor that lets all users upload files. Old versions of FCKeditor have a known vulnerability: an attacker might be able to upload arbitrary files containing malicious PHP code because multiple file extensions are not properly checked.

Phpbuddies 0day Arbitrary Upload File Vulnerability

A vulnerability in Phpbuddies allows an attacker to upload arbitrary files to the server. The vulnerability exists in the 'elseif(RequestForm('new_photo')!='')' code block, where the 'RequestFile('myphoto')' function is used to upload a file without any validation. This allows an attacker to upload malicious files to the server, which can be used to execute arbitrary code.

CMS Balitbang Edit File Vulnerability

A vulnerability in CMS Balitbang version 3.3 allows an attacker to edit files on the server. The vulnerability exists due to insufficient validation of user-supplied input in the 'editfile.php' script. A remote attacker can send a specially crafted request to the vulnerable script and edit arbitrary files on the server. Successful exploitation of this vulnerability may result in unauthorized access to sensitive information, modification of data, or may lead to further attacks.

Kleophatra 0.1.4 0day Arbitrary Upload File Vulnerability

Kleophatra 0.1.4 is vulnerable to an arbitrary file upload vulnerability. This vulnerability is due to a lack of input validation in the 'avatar.tpl' file, which allows an attacker to upload a malicious file to the 'media/avatars/' directory. An attacker can then access the malicious file via the URL http://127.0.0.1/kleo/media/avatars/'username'/'the file'.

libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)

libzip allows remote and local attackers to cause a denial of service (NULL pointer dereference) if the ZIP_FL_UNCHANGED flag is set. With an empty zip file and the ZIP_FL_UNCHANGED flag, libzip is expected to crash. For PHP, we currently estimate the security impact as only a remote DoS, so the risk is low.