This vulnerability allows remote attackers to read arbitrary files via a crafted XML document, related to an XML External Entity (XXE) injection in the MSXML parser. This vulnerability affects Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008. This vulnerability is related to CVE-2008-4030.
This exploit changes the forum admin password (e.g., the attacker will be able to delete threads/topics) and sets allowHTML to true (making attacks such as XSS/HTML injection possible).
The Ez Ringtone Manager application is vulnerable to Remote File Disclosure, Local File Inclusion, SQL Injection, and XSS. An attacker can exploit these vulnerabilities by sending crafted requests to the application. For example, an attacker can send a request to the main.php or template.php file with a malicious parameter value to exploit the vulnerabilities.
A vulnerability in geta php cardealers allows an attacker to upload a malicious file to the server. An attacker can register on the site, log in, and edit their profile to upload a malicious file. The malicious file is then accessible at the path localhost/script/re_images/[ID]_logo_your_shell.php. An example of this exploit can be seen at the login page http://www.getaphpsite.com/demos/cardealers/login.php with user zorlu and password zorlu1; the malicious file can be accessed at http://www.getaphpsite.com/demos/cardealers/re_images/1227370217_logo_c.php.
A vulnerability in geta php Real Estate allows an attacker to upload a malicious file to the server. An attacker can register on the site, log in, and edit their profile to upload a malicious file. The malicious file is then accessible at the path localhost/script/re_images/[ID]_logo_your_shell.php. An example of this exploit can be seen at the login page http://www.getaphpsite.com/demos/realty/login.php with user zorlu and password zorlu1; the malicious file can be accessed at http://www.getaphpsite.com/demos/realty/re_images/1227371905_logo_c.php.
Discuz! Reset User Password Exploit is an authentication bypass vulnerability that allows an attacker to reset the password of a user without knowing the original password. This exploit was discovered by the 80vul team in 2020 and affects Discuz! versions prior to 6.0.0. The attacker can exploit this vulnerability by sending a crafted HTTP request to the target server. The request contains the username, email, and user ID of the target user. The server then responds with a cookie containing a session ID. The attacker can then use this session ID to reset the user's password.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'product' parameter to the '/e107_plugins/zogo-shop/product_details.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database, cause denial of service, or compromise a vulnerable system.
Verlihub does not sanitize user input passed to the shell via its 'trigger' mechanism. Furthermore, the Verlihub daemon can optionally be configured to run as root. This allows for the arbitrary execution of commands by users connected to the hub and, in the case of the daemon running as root, complete commandeering of the machine.
A SQL injection vulnerability exists in the com_thyme component for Joomla! 1.0.x. The vulnerability is due to insufficient sanitization of user-supplied input to the 'event' parameter in the 'index.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's database, resulting in the manipulation or disclosure of arbitrary data. This can be exploited to bypass authentication and gain administrative access to the application.
A command line parsing vulnerability exists in KVIrc 3.4.2 Shiny which can be exploited by passing the '"' character followed by command line switches to 'irc:///', 'irc6:///', 'ircs:///' and 'ircs6:///' URLs. The most interesting one is the -e switch followed by the 'run' command; this runs calc.exe. The following links add a new user on the target with admin privileges.