WebCAF is a web-based child and family database developed by Head Start of Lane County. It contains three vulnerabilities: an Arbitrary File Delete vulnerability, a Local File Inclusion vulnerability, and a Remote Code Execution vulnerability. The Arbitrary File Delete vulnerability is in the index.php file, lines 49-50 and 61-63. The Local File Inclusion and Remote Code Execution vulnerabilities are both in the index.php file, lines 68-131. The view.php file also contains a Local File Inclusion vulnerability, at lines 12-21.
When a 'specially crafted HTTP packet' is sent about 25 times to the Livebox HTTP service, the server and network go down.
This exploit allows an attacker to obtain the MD5 hash of a user's password through a blind SQL injection vulnerability in phpBB 3 Mod Tag Board <= 4. The exploit works regardless of the php.ini settings and requires the host, table prefix, and user ID as parameters.
A SQL injection vulnerability exists in vBulletin (Mode Secure Downloads v2.0.0r) which allows an attacker to inject malicious SQL queries via the 'id' parameter in the 'fileinfo.php' script. This can be exploited to gain access to sensitive information from the database, modify data, or execute arbitrary SQL commands.
XAMPP has two vulnerabilities that are used together: global variable manipulation to spoof the IP address, and XSRF to change the .htaccess password for http://10.1.1.10/security/ and http://10.1.1.10/xampp/. The $_SERVER['REMOTE_ADDR'] value comes directly from Apache's TCP socket and cannot normally be spoofed. However, extract($_POST); can be used to overwrite any declared variable, including the $_SERVER superglobal. This can be used to 'spoof' the IP address as 127.0.0.1. The XSRF attack can be exploited from a browser at any IP address, so long as that browser is currently authenticated.
XOOPS has multiple Local File Include vulnerabilities. They are found in the scripts xoops_lib/modules/protector/blocks.php and xoops_lib/modules/protector/main.php. Successful exploitation requires that "register_globals" is enabled, and that the first condition in the if..else statement is not true.
SIU-Guarani is a web application which keeps information about academic activities. It's widely used in Argentina by national universities. It is vulnerable to disclosure of database information, file upload and SQL injection.
MiniGal2(MG2) v0.5.1 is vulnerable to remote code injection due to improper input validation in the 'writecomments' and 'addcomment' functions. The 'writecomments' function is vulnerable to remote code injection due to the lack of input validation when writing to the '$filename' variable. The 'addcomment' function is vulnerable to remote code injection due to the lack of input validation when writing to the '$_REQUEST['filename']' variable.
PHPmyGallery Gold 1.51 is vulnerable to folder disclosure. An attacker can exploit this vulnerability to view the content of any folder in the vulnerable website.
QMail Mailing List Manager 1.2 has a database disclosure vulnerability. An attacker can access the qmail.mdb database file, which contains sensitive information such as usernames, passwords, and other data. This can be exploited by accessing the following URL: http://xxxx.com/[path]/database/qmail.mdb