A vulnerability exists in Alex News-engine (fckeditor) which allows an attacker to upload arbitrary files to the server. The vulnerability is due to the lack of proper authentication and authorization checks in the '/editors/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=/' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script and upload arbitrary files to the server.
The Directory v1.1.1 script is vulnerable to a Remote File Inclusion (RFI) vulnerability. An attacker can exploit this vulnerability by sending a malicious URL in the API_HOME_DIR parameter of the init.php script.
Pluck CMS has Local File Include vulnerability. Successful exploitation requires that "register_globals" is enabled. An example of the exploit is http://[server]/[installdir]/data/inc/lib/pcltar.lib.php?g_pcltar_lib_dir=../../../../../../../../../../../../../etc/passwd%00
This vulnerability allows an attacker to inject malicious SQL code into the vulnerable application. In this case, the vulnerable application is Musicbox Version 2.3.8. The exploit code allows an attacker to extract usernames and passwords from the application's database.
noIPwn3r is an exploit for the DDNS noip-2.1.7 client for Linux. It is a buffer overflow exploit that takes advantage of the fact that the programmer blindly trusts the server response and copies static variables without size checking. This can be exploited with a poisoned DNS or a MITM attack.
This exploit makes 101 CSRFed requests to the CUPS daemon via 'img' tags, causing the CUPS daemon to crash.
This exploit affects all versions of Ultrastats, including version 0.3.11 and 0.2.144. It allows an attacker to inject malicious SQL code into the Ultrastats database, potentially allowing them to gain access to sensitive information or modify the database.
SaturnCMS is prone to a blind SQL injection vulnerability. An attacker can exploit this issue to manipulate SQL queries and gain access to sensitive information in the back-end database. This issue affects versions prior to SaturnCMS 1.2.1.
A vulnerability in Simple Customer 1.2 allows an attacker to bypass authentication by entering any email address in the email field and entering ' or ' 1=1 in the password field.
It is possible to inject arbitrary command line parameters into Exodus v0.10, which can be used to overwrite arbitrary files or cause an infinite loop through multiple unhandled exceptions. This vulnerability affects Microsoft Windows systems.