A vulnerability in PHP Hosting Directory 2.0 allows an attacker to set arbitrary cookies using malicious JavaScript code. The code can be used to set the 'adm' cookie to '1' and set the path to '/'. This can be used to gain administrative access to the application.
HIOX Browser Statistics 2.0 is vulnerable to a remote file inclusion vulnerability. The vulnerability is due to the 'hm' parameter in the 'hioxupdate.php' and 'hioxstats.php' scripts not being properly sanitized before being used in an 'include' function call. This can be exploited to include arbitrary files from remote locations by passing a URL as the 'hm' parameter. Successful exploitation requires that 'allow_url_include' is set to 'On' in the 'php.ini' file.
HIOX Random Ad 1.3 is vulnerable to a Remote File Inclusion (RFI) vulnerability. The vulnerability is due to the 'hm' parameter in the 'hioxRandomAd.php' script not being properly sanitized before being used in an 'include' function call. This can be exploited to include arbitrary remote files by passing a URL as the 'hm' parameter. Successful exploitation requires that 'allow_url_include' is set to 'On' in the 'php.ini' file.
A remote file inclusion vulnerability exists in PHP Hosting Directory 2.0, which allows an attacker to include a remote file via the 'rd' parameter in the 'admin.php' script. This can be exploited to execute arbitrary PHP code by including a malicious file from a remote location.
Gregarius is a popular web-based RSS/RDF/ATOM feed aggregator written in PHP. There are some SQL Injection issues in Gregarius that allow for the disclosure of database contents and ultimately the complete compromise of the Gregarius installation via exposed admin credentials. The code taken from /ajax.php allows an attacker to specify the content of $cid via the rsargs[] array and influence the query regardless of magic_quotes_gpc settings etc. An attacker is able to dump the users table to the browser, and the password hashes in the database are MD5.
This exploit is for e107 Plugin BLOG Engine v2.2. It is a Blind SQL Injection exploit which can be used to extract the MD5 password of the user with user_id=1. It uses the substring() function to extract the password character by character. The exploit is written in Perl and uses the LWP::UserAgent module.
Minishowcase Image Gallery has a local file inclusion vulnerability in the script libraries/general.init.php. The vulnerable GET parameter is 'lang'. Successful exploitation requires that 'register_globals' is enabled.
This exploit removes the requirement to authenticate and escalates to level 15. It is a hard-coded address exploit for IOS 12.3(18) on a 2621XM router. It uses an MKD command with shellcode to execute the exploit.
ViArt Shop is a full-featured online ecommerce solution written in PHP. There is a high-risk SQL Injection in ViArt that allows an attacker to take over the ViArt installation. This vulnerability is present regardless of magic_quotes configuration. The vulnerable code can be found in 'products_rss.php', where the '$category_id' variable is never sanitized within the query, and is never sanitized prior to that point either. This allows an attacker to easily select arbitrary data from the database such as usernames, passwords, and even credit card information. ViArt strips slashes from within the get_param() function, so magic_quotes does not prevent this SQL Injection from happening.
A Remote File Inclusion (RFI) vulnerability exists in ATutor Course Server, which allows an attacker to include a remote file containing malicious code, resulting in arbitrary code execution. This vulnerability is due to insufficient sanitization of user-supplied input to the 't_file' parameter of the 'import.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing a URL in the 't_file' parameter. Successful exploitation of this vulnerability can result in arbitrary code execution.