Flatnux is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker can inject malicious code into the application by registering and logging in, and using the HTML code provided in the exploit. This code executes JavaScript that grabs the visitor's cookies and sends them to the attacker's website.
CFAGCMS is prone to a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'lang' parameter to '/[path]/index.php'. This can be exploited to include arbitrary local files by passing directory traversal sequences (e.g. '../') and a NULL byte (%00) to terminate the include statement.
A vulnerability in Availscript Classmate Script allows an attacker to upload a malicious file to the server. An attacker can register on the site, select a malicious file such as c99.php, and then right-click on the blank line in the “Latest Members” section and choose Properties. The attacker can then copy the link of the malicious file and rename it with their name and a random ID. This allows the attacker to upload the malicious file to the server.
A vulnerability in Availscript Article Script allows an attacker to upload a malicious file to the server. An attacker can register on the site, log in, and add a pen/author name. When adding the pen/author name, the attacker can select a malicious file such as c99.php. The malicious file will be uploaded to the server and renamed with random text, such as cc1bd-c99.php. The malicious file can then be accessed from the photos folder.
The Rat CMS Alpha 2 is prone to a privilege escalation vulnerability. An attacker can exploit it to gain administrative access to the CMS.
A denial of service vulnerability exists in Linux Kernel versions 2.6.27.7-generic, 2.6.18, and 2.6.24-1. The vulnerability is due to a lack of proper validation of user-supplied input when handling ATM packets. An attacker can exploit it by sending a crafted packet to the target system, causing the system to crash and resulting in a denial of service condition.
A vulnerability exists in phpweather-2.2.2 that can be exploited by malicious people to conduct Local File Inclusion and Cross-Site Scripting attacks. The vulnerability is caused by the application including user-supplied input without proper sanitization. Passing directory traversal strings to the 'language' parameter of the 'test.php' script includes arbitrary local files, and passing malicious code to the 'cc' parameter of the 'index.php' script executes arbitrary HTML and script code in a user's browser session in the context of an affected site.
A vulnerability exists in FreeForum which allows an attacker to access the database by accessing the URL http://xxxx.com/[path]/CAForum/_private/CAForum.mdb.
An attacker can access the iyzi Forum database by directly accessing the URL http://xxxx.com/[path]/db/iyziforum.mdb. A live demo of the exploit is available at http://www.iyziforum.com/demos/kJd32D33J11lOk6f7n2/db/iyziforum.mdb.