A vulnerability in Sepal's SPBOARD v4.5 (board.cgi) allows remote attackers to execute arbitrary commands via the file parameter.
This exploit is used to cause a denial of service in PacketTrap TFTPD. It uses the Net::TFTP module to send a malicious packet to the server, causing it to crash.
A vulnerability in H2O-CMS version 3.4 and below allows an attacker to set an admin cookie by using a malicious JavaScript code. This can be exploited to gain administrative access to the application.
This exploit allows an attacker to execute arbitrary commands on the vulnerable system. It is done by sending a maliciously crafted HTTP request to the vulnerable server. The exploit is triggered when the vulnerable server processes the maliciously crafted request and executes the arbitrary commands.
ThemeSiteScript v1.0 is vulnerable to a Remote File Inclusion vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute it on the vulnerable server. The vulnerable code is located in the frontpage_right.php file, line 2, which includes the $loadadminpage variable without any sanitization.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server with a malicious SQL query. This can be done by appending the malicious SQL query to the vulnerable parameter in the HTTP request. For example, an attacker can send a request like www.[target].com/Script/iranian_music.php?id=-1+union+select+1,concat_ws(0x3a,user,psw),3,4,5,6,7+from+prelude-- to exploit this vulnerability.
A vulnerability exists in MyForum 1.3 which allows an attacker to set a cookie with the name 'myforum_login' and value '1' and another cookie with the name 'myforum_pass' and value '1' by using the JavaScript code 'javascript:document.cookie = "myforum_login=1; path=/"; javascript:document.cookie = "myforum_pass=1; path=/";'
e107 Plugin macgurublog_menu macgurublog.php is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This can allow the attacker to gain access to the database and execute arbitrary SQL queries.
MyKtools 2.4 is vulnerable to an arbitrary database backup vulnerability. An attacker can exploit this vulnerability by accessing the URL http://localhost/mykdownload.php and downloading the backup.
Aiocp 1.4 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials and other sensitive data.