Hummingbird Deployment Wizard 2008 (DeployRun.dll) is vulnerable to arbitrary file execution. The vulnerable method is Sub Run (ByVal Path As String, ByVal CommandLine As String). This exploit was tested on Windows XP Professional SP3, fully patched, with Internet Explorer 7.
The vulnerability exists due to insufficient sanitization of user-supplied input to the 'md' parameter in 'index.php' script. A remote attacker can include a local file and execute arbitrary code on the vulnerable system.
Calendars for the web has a vulnerability in the administration page. The page saves the past session, so that anyone navigating to the page has admin access. Before attack: target.com/calendarWeb/cgi-bin/calweb/calweb.exe After attack: target.com/calendarWeb/cgi-bin/calweb/calweb.exe?cal=default&vt=6&cmd=900&act=0&dd=2008;10;03;12;00;00;&app=0&format=21x05i9r9s|SnriTmOdoaT&lastcmd=0 A Google query can find a couple of pages of victims: inurl:calweb/calweb.exe Further hacks: if they disable the timeout you can still log in right after they log out... You could probably do something with that. Also, the 0 at the end is the administrator (super user) ID.
A vulnerability in PHP Easy Downloader <= 1.5 allows an attacker to download arbitrary files from the server. This is done by sending a specially crafted HTTP request to the vulnerable server. The request contains the file parameter which specifies the file to be downloaded. The file parameter is not properly sanitized, allowing an attacker to download any file from the server.
This exploit allows an attacker to gain access to the username and password of a user in the iGaming CMS 2.0 Alpha 1 application. The attacker can use the 'union select' statement to inject malicious code into the application and gain access to the user credentials.
An attacker could inject and execute PHP code through $_GET['sort'], which is passed to create_function() at line 195 in the multi_sort() function body. By default only registered users can access manage_proj_page.php (I've tested this on version 1.1.3); because of this, sometimes this PoC works only with a valid account.
Kure 0.6.3 is vulnerable to Local File Inclusion. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'post' and 'doc' parameters of the 'index.php' script. An attacker can exploit it by sending a specially crafted HTTP request containing directory traversal characters ('../') to the vulnerable script, which allows the attacker to include local files on the server.
A vulnerability exists in PokerMax Poker League which allows an attacker to gain administrative access to the site by setting a cookie with the username of the administrator. The default username is 'admin' and if it is changed, the attacker can easily find out the username of the admin and substitute it in the exploit command.
IP Reg <= 0.4 is vulnerable to multiple remote SQL injection vulnerabilities in the 'locationdel.php', 'vlanview.php', 'vlanedit.php' and 'vlandel.php' scripts. An attacker can exploit these vulnerabilities by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable scripts, gaining access to sensitive information such as usernames and passwords.
Mic_blog v0.0.3 is vulnerable to multiple remote exploits including Remote SQL Injection Exploit, Remote Blind SQL Injection Exploit and Remote Privilege Escalation Exploit (add a new administrator).