This Vulnerability can upload malicious files direct to web server. An attacker can exploit this vulnerability by sending a malicious file to the upload path and then access the file from the upload directory. An attacker can also exploit the Remote XSS vulnerability by sending a malicious script to the vulnerable parameters.
Xpoze Pro CMS 2008 XPOZE Pro 3.06 is vulnerable to a SQL injection attack. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request contains malicious SQL statements that are executed in the backend database. This can allow an attacker to gain access to sensitive information such as usernames and passwords.
This vulnerability can be used by a attacker to upload a malicious script on the webserver.
Kasseler-CMS is vulnerable to both Local File Inclusion (LFI) and Cross-Site Scripting (XSS) attacks. The LFI vulnerability is triggered when a malicious user supplies a specially crafted URL to the application, which can be used to access sensitive files on the server. The XSS vulnerability is triggered when a malicious user supplies a specially crafted URL to the application, which can be used to inject malicious JavaScript code into the application.
A new version (1.3.6.1) of Thelia is available on www.thelia.fr/fichiers/thelia_1.3.6.1.zip. This exploit allows attackers to validate commands without payment, execute remote code, and upload remote files.
An attacker can exploit a SQL injection bug in /starnet/addons/slideshow_full.php to retrieve a valid session ID and bypass checks at lines 70-75 to upload malicious files containing PHP code.
Panda Security ActiveScan 2.0 Update function contains a buffer overflow vulnerability. The vulnerability is caused due to a boundary error within the processing of the "update.ini" file. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into visiting a malicious web site.
A remote file inclusion vulnerability exists in Joomla com_dbquery component. The vulnerability is due to insufficient sanitization of user-supplied input in the 'mosConfig_absolute_path' parameter of the 'administrator/components/com_dbquery/classes/DBQ/admin/common.class.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by including a malicious file from a remote location.
A vulnerability in Joomla Component altas v 1.0 allows an attacker to inject malicious SQL commands into the vulnerable application. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the 'mes' and 'ano' parameters of the 'index.php' script. Successful exploitation of this vulnerability can allow an attacker to gain access to sensitive information from the database, modify data, or exploit further vulnerabilities.
1024 CMS has Remote File Include vulnerability and multiple Local File Include vulnerabilities. The vulnerable scripts are themes/blog/layouts/standard.php, themes/default/layouts/standard.php, themes/portfolio/layouts/standard.php, themes/snazzy/layouts/standard.php and admin/lang/fr/reports/default.php.