Dolphin PHP version 6.1.2 is vulnerable to Remote File Inclusion in multiple files. The vulnerable files are HTMLSax3.php, safehtml.php and content.inc.php. An attacker can exploit this vulnerability by sending a malicious URL in the 'dir[plugins]' parameter of HTMLSax3.php, 'dir[plugins]' parameter of safehtml.php and 'sIncPath' parameter of content.inc.php.
This Exploit will Add user to Administrator's Privilege.
Real Estate Script from mole-group.com contains a insecure mysql query flaw, which allows a remote attacker to execute arbitrary mysql querys and gaining access to confidential information. like username, passwords, email address's etc.
Mole Group Hotel Script suffers from a insecure mysql query in the 'file' variable. This can lead to malicous users arbitrary selecting confidential information from the database. The SQL injection can be found in the URL http://site.com/index.php?file=1/**/UNION/**/ALL/**/SELECT/**/1,CONVERT(name/**/using/**/latin1),3,4/**/FROM/**/settings/*
This exploit is used to gain access to the directory.php file of the SmartPPC Pay Per Click Script. It uses a combination of threads, timeouts, and HTML patterns to gain access to the file. It also uses the LWP::UserAgent module to gain access.
Triton CMS Pro is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to disclose the admin's username and hashed password. This exploit uses the Benchmark() method to check the characters one by one.
Fuzzylime CMS 3.01 is vulnerable to Local File Inclusion (LFI) and Remote Code Execution (RCE). An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The attacker can use the LFI vulnerability to include a malicious file from the server and execute arbitrary code. The attacker can also use the RCE vulnerability to execute arbitrary code on the server.
This Vulnerability can upload malicious files direct to web server. Use Web proxy (Webscarab,etc..) to intercept data.
A Blind SQL Injection vulnerability was found in Pay Per Click Script powered by SmartPPC.com. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server with the payload 'site.com/directory.php?username=&idDirectory=90992%20and%20ascii(substring((SELECT%20concat(username,0x3a,pass)%20from%20users%20limit%200,1),1,1))%3E108' which can be used to extract sensitive information from the database.
A remote SEH overwrite vulnerability exists in CMailServer 5.4.6 due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server, resulting in arbitrary code execution.
Services By CQR