The AWCM v2.2 CMS is vulnerable to Local File Inclusion. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'awcm_theme' and 'awcm_lang' cookie parameters in the 'header.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious cookie values to the vulnerable script. This can allow the attacker to read arbitrary files from the server.
An attacker can exploit a SQL injection vulnerability in PHPDirector Game Edition (game.php) to gain access to the admin panel. The attacker can use the following URL to inject malicious SQL code: www.site.com/games.php?id=null[Sql Injection] www.site.com/games.php?id=null+and+1=2+union+select+1,group_concat(id,0x3a,user,0x3a,pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+pp_user. The admin panel can be accessed at www.site.com/admin/login.php.
AB WEB CMS version 1.35 is vulnerable to multiple remote vulnerabilities. The vulnerabilities are caused due to the improper validation of user-supplied input in the 'index.php' script. This can be exploited to execute arbitrary PHP code by sending a specially crafted HTTP request to the vulnerable script.
This exploit is only a Denial of Service in opera web browser. It creates a poc using heap spray that allow code execution, but the author does not post it because it can be used for evil. The exploit creates a HTML file with a select tag containing a large number of option tags with the same content. This causes an integer overflow in the program, leading to a Denial of Service.
The SunScreen Firewall can be administrated remotely via a java protocol service which is running on port 3858 on a SunOS machine. This Java Service contains numerous buffer overruns (2 of which I am aware of). Furthermore it is possible to execute arbitrary code if an attacker manages to upload a file onto the target system. As you can see in the following java exploit code the environment is not properly sanitized prior to executing shell scripts as root, thus one can use the LD technique to preload binaries or even easier modify the PATH variable to forge the ´cat´ binary (which is executed by lib/screenname) to be executed in a different place. This can be exploited locally - remotely especially if anonymous ftp uploads are possible or any other file transfer protocol is activated. Uploading a file via the line printer daemon might also be possible.
A specially crafted length field in a MODBUS packet header can trigger heap corruption. So basically memset(edi,eax,ecx). We control ecx, so we have control over the number of dwords it writes in the heap buffer. But, as you can see, the dwords themselves are not controllable, they are NULL. However, we can still write past the bounds of the allocated chunk of memory. Although it seems unlikely code execution could result, it is still possible to write data past the memory allocated on a heap (0x350000) available in the server process. This code works by setting up a fake channel and accepting a connection. To trigger this vulnerability, the server simply needs to initiate communication (monitor mode would be ideal) with this fake channel and the results depend on the response you choose.
PHP Link Directory v4.1.0 is vulnerable to CSRF which allows an attacker to add an admin user to the application. The attacker can craft a malicious HTML page containing a form with hidden fields that when visited by an authenticated user, will submit the form and add an admin user to the application.
This exploit is for Inetserv 3.23 SMTP DoS vulnerability. It uses a buffer overflow to send a large number of 'EXPN' commands to the server, causing it to crash. The exploit is written in Python and tested on WinXP SP0 Eng.
The vulnerability exists in the 'index.php' page of the PHP Coupon Script version 6.0, which allows an attacker to inject malicious SQL queries via the 'bus' parameter. An attacker can use the substring() function to check the version of the database and inject malicious SQL queries.
CultBooking suffers from a local file inlcusion/disclosure (LFI/FD) vulnerability when input passed thru the 'lang' parameter to cultbooking.php script is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL encoded NULL bytes.